A recent report written by Enterprise Strategy Group (and commissioned by Intel Security), reveals slow responses to cyber-attacks from enterprises are leaving companies vulnerable to targeted online crime.
This research is one of the latest attempts to persuade IT users to check their defences against cyber-threats and equally importantly to make some investments into dealing with attacks. Raj Samani, EMEA Chief Technical Officer at Intel Security, said that customers have a ‘golden hour’ in which they can detect and deflect an attack, but delaying much beyond this short time frame can result in widespread contamination and failure of IT and data systems.
According to the report a substantial number of customers were unsure as to what to do on detecting a cyber-attack.
Indeed their research showed that:
- 25% of UK IT professionals took more than two weeks just to discover that they had been targeted.
- Once the threat had been detected, a third of them took between another fortnight and three months to deal with the attack.
- Among the UK companies who responded to the research questionnaire, 39% said that they wanted improved integrated analytical tools to give them a better view of their systems.
- The average figure of cyberattack investigations per company was a total of 78%, and 28% of those attacks were directed at individuals seeking to elicit confidential data on employees or customers. At the same time the attackers usually left behind malware to infect the users’ PCs.
- Apparently Tuesday and Thursday mornings are the peak times to send phishing/social engineering attacks – with Tuesday mornings being the most common time for these emails to be activated by unprepared staff.
A recent attack on a small business began with a blackmail attack – a message to the business owner on his company’s website, threatening to expose their customer database if the hackers didn’t receive money. Within one hour, the company had removed access to their website, and then made sure that all current customers had 100% of their orders fulfilled.
The company then trawled their networked servers to find any malicious files, which they destroyed within 10 hours. Before returning all of the company’s 70,000 digital files to the original system, they were transferred to another computer and new security software and password protections were installed to prevent a similar attack. The company survived to fight another day through a combination of quick thinking and the fact that they had a robust Incident Response system in place.
The Golden Hour – what steps should your business be taking?
- Following the detection of an attack ensure that your business website is immediately taken off line and prevent all access to IT systems. This removes vulnerabilities to attacks through your site, and customers using the website will not be exposed to the malware you may have collected.
- Identify the failings that allowed the malware access. Scan the computers that are used to login to your site, update your virus and spyware definitions and run a full system scan, then run an anti-malware program to make sure the scan has detected all glitches.
- Immediately change passwords, making sure that all passwords are changed, including those for anyone who has access through your FTP and admin tools,
- Then you have time to assess what sort of attack you suffered, update third party software, contact your host provider and start to clean all the systems you use.
- It is essential to have in place automatic detection processes and synchronised security tools to act fast in this golden hour of opportunity. Many conventional tools used to detect a cyber-attack don’t necessarily share the data they collect. Each security tool inspects a different part of the network and because they are not integrated, the data they collect is scattered and it becomes labour intensive to see an overview of the attack and the harm it has caused, or is still causing.
It is clear that companies in the UK are still failing to proactively protect their systems, educate their employees and act in a timely fashion once an attack is detected. Once hackers detect a potential failure in protecting a business network they will capitalise on their initial success and spread mayhem through the operation among data and systems.
NOW is the time to set up a robust and rapid Incident Reponse plan to deal with the effects of an attack, whenever it occurs.
Tim Holman is the CEO at 2-sec and Director of the Information Systems Section Association (ISSA) international board. Tim has over 20 years professional experience as a PCI DSS and Cyber Security consultant. He was one of the first QSAs accredited in Europe and heads up 2-sec’s PA-DSS and penetration testing lab. Tim was the recipient of the Microsoft MVP for Security Award in 2004, 2005 and 2006, and in 2014 was awarded Fellowship of the Information Systems Security Association (ISSA), only the second person to do so in the UK over ISSA’s 27 year history. Connect with Tim on LinkedIn and follow him on Twitter for more.