You’ve Been Hacked - Now What?
By Todd Weller, VP, Corporate Development, Hexis Cyber Solutions
One of the main reasons the Target data breach received so much attention -- and was able to
cause so much damage -- was that it took place over the holiday season, the most heavily
trafficked online shopping time of the year.
Over the past year, we have seen countless other major retailers become victims of
cyber-attacks, and we have seen how easy it is for adversaries to compromise networks and steal
important information. It’s only a matter of time before you experience the same. Why? Because
hackers only need to exploit one vulnerability, while defenders need to cover all of them.
It typically just takes a single user unknowingly clicking on a link and the hacker is in. Once this
happens, the damage can be extensive.
As we cross the one-year mark from the Target breach, we are reminded of the valuable lesson
these breaches have taught us this year: it is a matter of when, not if, you will be breached.
Organizations need to be constantly on the defensive against cyber-attacks and be prepared with
the proper systems in place for when they are breached. This will help them effectively and
efficiently handle the attack and minimize the damage done.
To help mitigate the impact of an attack now and in the future, the following five-step plan
outlines a methodical approach your IT team should have in place to reduce the amount of time
a breach can live and wreak havoc in your network.
1.) Detect and Identify: Once the IT security team has validated that the organization is
faced with a malicious situation and not just ‘noise,’ they need to react quickly and
establish a cross-functional team to oversee all aspects of the response process.
2.) To Contain or Not to Contain? After identifying the nature, extent, and severity of the
attack, team members are faced with two options: contain it or proceed directly to
removal.
3.) Remove and Recover: To remove the threat and recover, the team must identify all
infected hosts on the network and then must take necessary precautions to effectively
stop and kill all active processes of the attacker.
4.) Be Proactive: APTs often return with nuanced versions of the attack, so it is absolutely
critical that organizations take a proactive stance to break the cycle.
5.) Automate Incident Response: Automation goes hand in hand with a proactive
approach. Automation eliminates the need to perform manual work and provides an
opportunity for huge cost savings.
Will your organization know how to react in the event of a holiday data breach? Visit the Hexis
Information Center for case studies on companies that already have the tools in place to identify
and remediate attacks.
Cyber Warnings E-Magazine – December 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide