Page 44 - Cyber Warnings
connection requests from an unknown source outside the network. When an attack happens,
data-driven analysis will also help with forensics and root-cause analysis to better understand
how the attack happened, where it started and if it’s spread further onto the network.
Monitor endpoint devices
Suppose you are a payroll processing company, potentially storing confidential client data. A
malicious insider at your company could be saving this sensitive data to a USB device and
taking it with them, right under your nose. To mitigate this threat, ideally, you should be
monitoring all endpoint devices, be it a laptop, USB drive or any other device. Back to our example,
with proper device monitoring, as soon as the user plugs in the USB device, the device could be
ejected/blocked automatically and a corrective action, such as a warning message or account
blocking, implemented.
Demonstrate PCI DSS and HIPAA compliance
Payment card and healthcare industries are more prone to data breaches than most others
because a single attack has the potential to compromise data from millions of credit cards or
patient records. Given the extra sensitive data, it’s important to automate and demonstrate
compliance with required standards, such as PCI DSS and HIPAA, to avoid regulatory fines or
criminal proceedings and protect your servers and databases.
Even if you’re not operating in an industry required to meet these or other compliance
standards, it’s never a bad idea to operate as though you are, leveraging the standards as
guidelines for the bare minimum you should be doing (remember, compliance alone does not
equal secure).
Identify insider threats
It’s entirely possible that the most damaging security compromise may happen from the inside.
Dedicated monitoring of network traffic, logs, credentials and which users attempted to access
server data should be commonplace. For example, such monitoring could flag an employee
attempting to log into a business-critical server or core router they have no need to access.
Beware of ransomware and other social engineering threats
Ransomware is a type of malware gaining steam that locks your files or systems with
encryption that can only be undone after paying a ransom. Beware of notorious ransomware
families like CryptoWall 3, CryptoLocker and CTB-Locker. It’s just one type of threat that often
leverages social engineering to trick users into taking actions that ultimately compromise their
device(s) and your network.
44 Cyber Warnings E-Magazine – March 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide