Despite the billions of dollars invested in cybersecurity, organizations take far too long to respond to a breach. By 2020, cybersecurity spending is expected to top $170 billion. Yet according to the 2016 Verizon Data Breach Investigations Report (DBIR), 83% of compromises take weeks or longer to discover.
As retail giants Target and Home Depot know, a lot of damage can be done between the time a breach is completed and the time it’s discovered. Just ask TJX, which didn’t notice the signs of a 2005 breach until 2007 — a colossal attack that compromised the personal information of over 450,000 customers.
Many Attack Vectors Provide Many Ways In
Even as organizations shore up their cybersecurity defenses with firewalls, antivirus programs and antimalware tools, they struggle to pinpoint when and where breaches occur. Security teams face a formidable adversary in hackers skilled at slipping past security and concealing or even erasing signs of their presence.
Trends like the IoT, mobile workforces and cloud computing make the job of IT security harder and that of hackers easier by expanding network attack surfaces and creating more endpoints to exploit. Every IoT and mobile device is a potential cyber attack vector, and today’s hackers use whatever means they have to expose an organization’s vulnerabilities and weakest links. To disarm these bad actors, organizations first have to understand where hackers are sneaking in and how.
Don’t Fall for Phishing
The Verizon DBIR shows that the most common way to breach a network is to compromise credentials, with phishing being one of the most direct ways for hackers to do it. In phishing attacks aimed at stealing credentials, hackers send emails with links to phony websites where victims enter their login credentials, and unwittingly open the door to the network.
Credential theft isn’t the only phishing risk. Another is the injection of malware, which can be done by sending nefarious emails asking victims to click on a link or file attachment. Once in, the malware searches for and exploits vulnerabilities like unpatched software or dated legacy systems.
With the Verizon DBIR revealing that 23% of targets open phishing emails and 11% click on attachments, organizations need to make cyber education a priority. This is especially critical when you consider that exploits can emerge as fast as 10 days after a new vulnerability is found — meaning you should never put off installing that new patch or ignore system update reminders.
Recognizing Signs of Compromise
Promoting good cyber hygiene, keeping systems up to date and deploying the right security technology are all central to avoiding risk. Still, hackers aren’t easily discouraged; and it’s inevitable you will experience a breach at some point. How will you know? Here are some signs:
- New open firewall ports
- New applications on endpoints
- Excess traffic with IP addresses outside the serviced area
- Patch installation failures
- Disabled antivirus systems
- Excessive failed logins
- Strange event log entries
- Multiple application and event log errors
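As an added illustration (not part of the original article), here is one way to check for the "excessive failed logins" sign in authentication logs. The OpenSSH-style log format with ISO timestamps, the sample lines, the threshold of 5 failures and the 1-minute window are all assumptions made for this sketch.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH auth-log style with ISO timestamps (assumed format).
SAMPLE_LOG = """\
2024-03-01T10:00:01 gw sshd[101]: Failed password for root from 203.0.113.7 port 40001 ssh2
2024-03-01T10:00:04 gw sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
2024-03-01T10:00:09 gw sshd[103]: Failed password for root from 203.0.113.7 port 40003 ssh2
2024-03-01T10:00:15 gw sshd[104]: Failed password for alice from 198.51.100.20 port 51000 ssh2
2024-03-01T10:00:21 gw sshd[105]: Failed password for root from 203.0.113.7 port 40004 ssh2
2024-03-01T10:00:30 gw sshd[106]: Failed password for root from 203.0.113.7 port 40005 ssh2
2024-03-01T10:00:41 gw sshd[107]: Accepted password for root from 203.0.113.7 port 40006 ssh2
2024-03-01T10:05:00 gw sshd[108]: Accepted password for alice from 198.51.100.20 port 51001 ssh2
"""

EVENT = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_login_alerts(lines, threshold=5, window=timedelta(minutes=1)):
    """Return (timestamp, ip, kind) alerts for failure bursts and later logins from those IPs."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    burst_ips = set()             # IPs that already crossed the threshold
    alerts = []
    for line in lines:
        m = EVENT.match(line)
        if not m:
            continue              # ignore unrelated log lines
        ts = datetime.fromisoformat(m["ts"])
        ip = m["ip"]
        fails = recent[ip]
        while fails and ts - fails[0] > window:
            fails.popleft()       # drop failures older than the window
        if m["result"] == "Failed":
            fails.append(ts)
            if len(fails) >= threshold and ip not in burst_ips:
                burst_ips.add(ip)
                alerts.append((m["ts"], ip, "excessive_failed_logins"))
        elif ip in burst_ips:
            # A success from an IP that earlier produced a burst may mean a guessed password.
            alerts.append((m["ts"], ip, "login_after_burst"))
    return alerts

if __name__ == "__main__":
    for alert in find_login_alerts(SAMPLE_LOG.splitlines()):
        print(alert)
```

The single failed attempt from 198.51.100.20 followed by a normal login raises no alert, which is the distinction the threshold and window are there to make.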
In addition to recognizing indicators of compromise, it helps to identify your most critical assets, where they lie, and the vulnerabilities and threats that put them at risk. Our partner, Fortinet, offers a free online cyber threat assessment to give you a clearer picture. Contact us to learn more.