Building a proactive approach to cyber security
More organisations are facing security breaches, especially since the traditional working day and office set-up has changed due to Covid-19 and more employees now work from home. Daniel Clipston, our Sophos Cyber Security Business Manager, explains how, by putting incident response in place before your organisation is attacked, you can mitigate threats and prevent wider security issues.
Because many businesses have stepped away from typical nine-to-five working hours and flexible working has grown in popularity, we have noticed a rise in cyber-attacks inside the typical ‘out of hours’ window. Hackers are using this shift in the working day as an opportunity and are working smarter than ever to catch organisations out by attacking at unexpected times, such as 3am on a Saturday morning. This leaves organisations unaware of the attack for hours, if not days, and exposes them to a number of security concerns.
While each attack is different, there are similarities in the challenges an organisation faces following a breach.
- Financial exposure: even if it’s not a specific ransomware attack, your organisation will need to secure any money belonging to it behind protected infrastructure, and ensure the new security meets the highest standards and mitigates further risks.
- Data loss: once hackers have control of your data, they can use it to their advantage – most of the time this would mean selling on the information for a profit. While this causes issues for your organisation, it is also a serious GDPR breach that can lead to hefty fines.
- Time and resource: responding to a security breach takes your IT team away from their daily jobs and creates time-consuming tasks, such as investigating the breach, understanding the damage, and mitigating the risk. Plus, once everything is back under control, they’ll also need to research and implement a new security strategy, which can be a very lengthy project.
- Reputation: while most customers will be understanding of an attack that isn’t your fault, they may be concerned to hear that the breach could have been prevented, leading to a breakdown of trust. This can cause damage to your brand’s reputation and negatively impact how your customers use and interact with your service.
- Ongoing damage: in some attacks, hackers will add a backdoor Trojan within your infrastructure, which will lie dormant until the attacker wishes to gain remote control over the infected devices and systems. This can be at any time that they choose, so even once you think you have dealt with the attack, it may not be over.
Once your organisation has rectified the breach, you will need to mitigate the risk of future attacks and ensure your infrastructure is fully secure. This usually means creating and implementing an incident response plan that will need to be maintained and managed to ensure it doesn’t expire.
This reactive way of working is effective at minimising future exposures, but in most cases the damage has already been done by the initial attack. Implementing a managed service pre-attack ensures your organisation has a proactive approach to limiting security breaches and protecting your environment.
Managed Threat Response (MTR)
Managed Threat Response (MTR) is a managed service offered by Sophos 24/7, 365 days of the year. MTR enables you to utilise Sophos’ threat experts, who will oversee and review your security network, taking the pressure off IT teams of all sizes to ensure the best protection at all times.
Sophos’ MTR outline:
- Determine key stakeholders: stakeholders from each department need to be involved in building and maintaining the strategy.
- Identify critical assets: map out high priority assets and build your strategy around the possibility of these being attacked.
- Run tabletop exercises: practise different scenarios to ensure your plan is robust.
- Deploy protection tools: protect against an attack in the first place and ensure you have implemented the correct software to fully protect your estate.
- Ensure maximum visibility: if you can’t view your IT estate, you can’t protect it effectively. Ensure your inventory solution is capturing all assets to allow you to protect them.
- Implement access control: regularly check that the proper controls are in place so that only certain employees can access your infrastructure.
- Implement investigation tools: in addition to having a clear view of your IT estate, your organisation should invest in tools that provide context during an examination of your security structure to allow you to spot and fix future issues.
- Conduct awareness training: ensuring every employee is aware of the issues a breach can raise, and of how to approach mitigating the risks, is important to all organisations.
- Hire a managed security service: take the strain off your internal team and let the experts help and support you.