Imagine that your business has fallen victim to a cyber-attack. What would be the first indication that you have been compromised – when you find yourself locked out of your systems? Often by the time a hacker reveals themselves, much of the damage has already been done.
If a cyber-criminal manages to infiltrate your systems, the best-case scenario would see you detecting the intruder before they manage to cause any damage. This would give you enough time to enlist help, remove them from your network and, if necessary, restore your data from your backup so that you can keep business continuing while you mitigate the fallout.
A study from Info Security showed that hackers on average spend approximately 200 days exploring your systems. Once they’ve breached your perimeter, an attacker can use various tools for finding attack vectors inside your networks, depending on what they want to achieve. In worse case scenarios, they can gain Domain Admin privileges, which is akin to obtaining the keys to the kingdom. From there the sky is the limit for the attackers.
That’s why network visibility is important. The first and biggest fundamental challenge for cyber defence is detection: if an attack is not found, it cannot be removed. Businesses need to be able to detect intruders, especially when they are doing their best to hide from you.
Prevention is a great strategy of course – anything you can do to minimise your chance of being breached absolutely should be implemented. Up to date patching, network boundary reviews, training and penetration tests are excellent for helping you strengthen your security posture. But just like physical locks on the front door of your home, these measures can be overcome by sophisticated and determined criminals. An alarm system that lets you know when someone enters the property is your next line of the defence as it gives you a chance of catching the perpetrator – in a similar way to how the tools we use in the SOC alert us when a breach has been detected in our USM customers’ networks.
It only takes one small human error for a cyber criminal to infiltrate your system. With the sheer amount of attacks occurring daily, it’s easy to understand why you can never 100% eliminate your odds of being hit by an attack.
Adding to those probabilities is the current threat landscape since the onset of COVID-19. According to stats from the Open Threat Exchange intelligence community, the past few months have seen over 400,000 COVID-related Indicators of Compromise from January to March, with a 2,000% month-over-month increase. This is unsurprising, as the remote working required by businesses during lockdown resulted in many security corners being cut – as well as a more dispersed network as employees connect through their own home WiFi Cyber criminals are well aware of these new opportunities and are clearly exploiting them for their own gain.
The best security advice we can give to businesses is to shift your mind-set from “if” it happens, to “when” it happens – and make sure your cyber security strategy includes processes that help you to both prevent and detect breaches. That way you will be as well prepared as possible to mitigate a breach before it’s too late.
Horatiu is the team leader of our Security Operations Centre at Kordia. To find out more about how these services can help bolster your business’s cyber defence, click here.