Breach Avoidance: 4 Tips
Hackers Can't Be Stopped, But They Can Be Contained
Josh Corman, research director of the Enterprise Security Practice at The 451 Group, says cyberattacks have taken a targeted tone, whether to prove a point or infiltrate seemingly highly secure systems. "We've been caught with our pants down," he says. "Our arrogance about thinking these things were unbreakable, those chickens have come home to roost."
The IMF and Senate breaches rang an alarm, as some analysts and security experts have suggested links to other attacks waged against Google's Gmail, RSA Security's SecurID multifactor authentication tokens, Lockheed Martin Corp. and L-3 Communications Holdings Inc. [See RSA: SecurID Hack Tied to Lockheed Attack.]
In fact, a link between the Senate hack and attacks on Sony, PBS and Infragard has been confirmed by Lulzsec, the hacking group taking credit for all three attacks. [See Group Claims Hack on Senate Computers and The Burden of Breach Notification.]
Fighting Back? What CISOs Can Do
Most experts agree: Once a company or organization has been targeted, there's little it can do to keep hackers out.
"This avalanche has been waiting to happen for years," says online security expert Neil Schwartzman. "All these data breaches are chickens coming home to roost. Most of these companies have been lucky thus far, and now it's a feeding frenzy in the crime world."
A big part of the problem, Schwartzman says, is that employees have too much access to internal information. "The best thing companies can do is the same stuff we've been talking about for years: make sure the core assets aren't treated with the same priority as some of the lesser systems. It all has to be protected," he says.
Corman says that, if nothing else, the Lulzsec hacks have shone a light on security vulnerabilities that should have been addressed years, if not decades, ago. "These attacks are going to escalate," he says. But organizations can implement basic steps to make the hacker's job harder.
Top 4 Recommendations
- Limit access. "The best thing to do is disconnect people from things they don't need to be connected to," Schwartzman says. "Why would they need access to everything? It's sloppy."
- Pile on layers of security, and get up-to-date. "A lot of these attacks were exploiting fairly easy techniques, like default passwords or out-of-date Apache [software] or Web servers," Corman says. "People were not patching or updating. They were not doing the basics."
- Include breach response in disaster-recovery plans. "You have scenarios in your recovery for a chaotic storm versus a physical storm," Corman says. "Can you shut down some of your systems without completely going offline?" Shutting certain systems down makes it harder for hackers to find their way through the network infrastructure; and the more they have to work, the more cyber crumbs they leave behind. "You can't fight them off forever, but if you delay them long enough, they will leave evidence behind and may give you time to get law enforcement involved."
- Admit fault and negotiate. Eventually, hackers will get in. "That's why you need a diplomatic approach, to address the hackers after a breach," Corman says. "When you find yourself in the midst of a hack, you can try countermeasures, but you also need social techniques to defuse the issue and come to agreement. In the case of Sony, they kept trying technical solutions for an interpersonal problem."