Sunday, 3 July, 2022
IT Security Guru

Data visibility: the antidote to Snake-bites

by The Gurus
April 16, 2018
in This Week's Gurus

By Matthias Maier, Security Evangelist, Splunk

It’s usually wrong to judge people by their names, but an organisation that calls itself “Snake” probably isn’t up to much good.

Citing unidentified security sources, DPA reported that Snake is the group suspected of carrying out a sophisticated and successful attack on the German government’s computer network. As always, it’s difficult to be completely certain who exactly is behind a well-executed cyberattack, but this one is believed to be connected with Russian intelligence, which has targeted government organisations in Ukraine, Europe and the US for most of the last decade.

What does this new attack tell us, other than confirming Russian hackers’ penchant for infantile names? The most important lesson is that no organisation is safe from a well-resourced and determined adversary – not even the government of one of the most developed nations on earth. If the German Interior Ministry can’t protect itself from hackers like Snake, then who can?

Acknowledging the inevitability of a successful breach is the first step towards forming an effective response to cyberattacks. In the long run, what matters is how prepared an organisation is to detect, analyse and respond to an attack, when prevention techniques have failed.

Snakes and foxes

While it might help to give its operatives a sense of malevolent derring-do, “Snake” is a poor choice of name for a hacking collective. In most cases, serpents only attack when threatened – and only as a last resort. A more appropriate animal would be a fox, which returns again and again to a well-protected chicken coop, sniffing for weaknesses and probing the chicken wire for holes that it can creep through.

Foxes are both cunning and persistent, and practically impossible to guard against. What we must do is study each successful intrusion and learn how we can improve our defences, minimise loss and, in some cases, stop them at source.

What, then, can other organisations (and, indeed, the German government) learn from attacks like these?

Outfoxing the hackers

Organisations that find themselves in a similar position to the German government should immediately begin an investigation to find out how the attacker entered the network, where the weak point was, what systems or data were accessed, and how far the malware has spread.

This is no easy task – Snake’s attack is reported to have occurred in December, and it is still being investigated. This task is only possible if the organisation has collected and stored all log data from its entire digital ecosystem to put these pieces of the puzzle together – ideally in a centralised platform where it can be searched and analysed quickly by multiple stakeholders.

Clearly, having easy access to this information is crucial to understand what went wrong, what the damage was and fix the vulnerabilities that you uncover. But there are other important reasons for organisations to have a holistic view of their digital infrastructure and data. One of the most-neglected factors in a breach is the organisation’s communications strategy, and this depends on having as much accurate information to hand as soon as the organisation makes the hack public.

If an enterprise releases erroneous or inaccurate information, it compounds the problems caused by the initial attack and makes the organisation look incompetent. If, however, it takes too long to gather, verify and release information, the organisation creates a news vacuum that invites speculation, which only leads to greater mistrust and loss of confidence. This, in fact, is one of the key goals of groups like Snake – to delegitimise national institutions such as governments, to spread fear, doubt and distrust, and so to undermine the very fabric of a nation’s democracy.

The attack on the German government provided us with other lessons, too. For example, their response showed the importance of developing collective security intelligence, where organisations share information with each other about potential attacks and threats. In this instance, the page first hacked belonged to an eLearning website. The attackers used this to gain access to the government digital ecosystem.

Organisations cannot face these threats alone; they must instead cultivate a connected security network with their partners, including the means to communicate about new threats as soon as they appear. This ecosystem will also be crucial in pulling together the historic data required (often stretching back years) to understand a breach, since information on past interactions with other organisations can be invaluable in working out how the attack developed.

Above all, any organisation that has suffered a breach should treat the experience as an opportunity. Of course, it should focus its immediate efforts on identifying, isolating and removing the intruder – but it should also learn from the attack. By having full oversight of their historic and real-time data, organisations can much better understand how the fox (or, if you like, the snake) slipped through the wire, and so learn how to mend the fence more securely against future attacks.

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic