Assume you have been hacked and you don’t know it. What’s your most powerful response?
Attitude can be your saving grace: the benefit of assuming a breach is that it immediately shifts your strategy from defense to offense. No one likes to be back-pedaling all the time; it is better to counter-attack. In these circumstances, assuming the worst and going on the offensive is the best strategy to employ. Read why below.
#1 Renting Security Expertise vs. Having Your Own IT Security Expertise in the Areas Where You Have Gaps. Stop trying to fill these gaps with W2 positions.
This is not a hard concept to understand. Small to mid-market businesses need to rent real-time threat analytics capabilities to augment their staff. This is a real and very practical step you can take to prevent what is noted below. JP Morgan, despite its enormous investment in IT security, commented that it is losing staff (see CEO Dimon’s letter to shareholders). Given the complexity of its systems and the proprietary knowledge involved, this is not good. JP Morgan has approximately 600 people in IT security, and apparently it cannot afford to lose staff. What about you? Can you take parts of your IT security operations and rent the expertise?
#2 Disaster Recovery Preparedness
Isn’t it amazing? Just because JP Morgan identified the fact that it was hacked does not mean that the hackers have disappeared and run off. There are hundreds of systems working all the time, which makes rooting them out a monumental task. How do you “root out” malware that hides at the boot level, below the radar of traditional anti-virus? How do you keep the business running while you are hacked? That is true business continuity, isn’t it?
#3 Privilege Escalation
Where’s Waldo in this picture?
Here we go again. This is tough stuff. Are you trying to find Waldo in the complex maze of your security events? You can rest assured that JP Morgan Chase had technologies in place for detecting this. I believe that every business needs to have privilege escalation detection technology in place, preferably monitored by ‘rented’ dedicated personnel with expertise in big data security analytics. Below is JP Morgan Chase’s comment on privilege escalation. The biggest issue I see is watching for Waldo on a real-time basis versus weekly, monthly, quarterly, or not at all. This is hard to do because today it is not enough to watch for signature-based attacks only. It is the anomalies and the subtle behavior that you need to find.
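To show what “anomalies and subtle behavior” rather than signatures means in practice, here is an added example (written for this page, not code from the original post or from any vendor) that learns each user’s normal privileged activity from a baseline of auth-log lines and then flags deviations in new events. The log lines, hosts, user names and commands are constructed; the format follows the common syslog-style sudo and usermod messages.

```python
import re
from collections import defaultdict

# Constructed baseline: a period of known-normal privileged activity per user.
BASELINE = """\
Oct 1 08:02:11 web1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Oct 1 09:15:40 web1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail /var/log/nginx/error.log
Oct 2 11:30:02 web1 sudo: bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt-get update
""".splitlines()

# Constructed new events to score against that baseline.
NEW_EVENTS = """\
Oct 8 08:05:13 web1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Oct 8 03:12:45 web1 sudo: carol : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/bash
Oct 8 03:13:01 web1 usermod[4123]: add 'carol' to group 'sudo'
Oct 8 03:14:22 web1 sudo: bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
""".splitlines()

# Only the executable path is captured, so arguments do not inflate the baseline.
SUDO_RE = re.compile(r"sudo:\s+(?P<user>\S+) : .*?COMMAND=(?P<cmd>\S+)")
GROUP_RE = re.compile(r"usermod\[\d+\]: add '(?P<user>[^']+)' to group '(?P<group>[^']+)'")
PRIV_GROUPS = {"sudo", "wheel", "admin", "root"}  # assumed set of privileged groups


def learn_baseline(lines):
    """Map each user to the set of executables they normally run via sudo."""
    profile = defaultdict(set)
    for line in lines:
        m = SUDO_RE.search(line)
        if m:
            profile[m["user"]].add(m["cmd"])
    return profile


def detect(lines, profile):
    """Return (user, reason, detail) alerts for behaviour outside the baseline."""
    alerts = []
    for line in lines:
        g = GROUP_RE.search(line)
        if g and g["group"] in PRIV_GROUPS:  # membership change grants new power
            alerts.append((g["user"], "added-to-privileged-group", g["group"]))
            continue
        s = SUDO_RE.search(line)
        if not s:
            continue
        user, cmd = s["user"], s["cmd"]
        if user not in profile:  # never used sudo during the baseline period
            alerts.append((user, "first-ever-sudo", cmd))
        elif cmd not in profile[user]:  # known sudo user, unfamiliar executable
            alerts.append((user, "new-sudo-command", cmd))
    return alerts
```

Running `detect(NEW_EVENTS, learn_baseline(BASELINE))` raises nothing for alice’s routine restart but flags carol’s first root shell, her addition to the sudo group, and bob reading /etc/shadow, none of which a signature would match.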