Routing the enemy within – LogRhythm
Article by LogRhythm Asia Pacific & Japan senior regional marketing director Joanne Wong
Do you expect high tech attacks to be swift and dramatic – the sort that makes the news and brings companies to their metaphorical knees?
Data breaches and cyber-attacks have become a dime a dozen in Australia in recent years.
Barely a week goes by without news of another organisation that’s been hit or hacked.
This year’s roll call of victims includes Canva, the Australian Catholic University, Australia Post and outdoor chain Kathmandu.
But while larger organisations and incidents hog the headlines, plenty of illicit activity is slipping under the radar – and staying there.
Savvy and subtle hackers and cyber-criminals who succeed in bypassing the perimeter can roam networks for extended periods before detection, harvesting data and laying the groundwork for later attacks.
How long, you ask?
A hundred and ninety-seven days, it seems, given that’s the meantime taken to detect a data breach, according to Ponemon Institute’s latest study.
That’s six full months of access to systems and infrastructure – and a further 69 days after detection, on average, before a threat is fully eliminated.
Here are three things infiltrators can do at their leisure once they’ve penetrated your defences:
Access (and exploit) customer data
A business isn’t a business without customers.
Whether they’re individuals or other businesses, it’s likely you have a wealth of data on file about yours.
Think names of key personnel, phone numbers, email addresses, banking details, regular ordering patterns and more.
A breach which results in such data being compromised is more than a mere inconvenience, as listed Australian property valuation company LandMark White found out to its cost earlier this year.
The breach of one of its valuation platforms resulted in the theft of almost 140,000 records and a damages bill of around $7 million, by the time the dust settled.
Australia’s stringent privacy regime and the European Union’s even more stringent GDPR one to which local enterprises may be subject can see organisations slapped with six and seven-figure fines if they fail to remediate such incidents appropriately within the requisite time frame.
Leapfrog across to customers’ and suppliers’ systems
Just because you’ve been targeted, it doesn’t mean your business is the target.
It’s possible it’s just a waystation en route to the hackers’ final destination – the enterprise network of one of your suppliers or customers.
‘Island hopping’, the use of one company’s network to launch an incursion on a third party, is on the rise.
Recent research suggests it’s a component of more than half of today’s cyber-attacks.
Sideways movement within your enterprise is also a significant risk.
An ‘in’ via the customer service portal, for example, may represent a scenic route to the accounts or product development division where more valuable information and data are stored.
Start digging for digital treasure
Joined the crypto-currency craze yet or decided you and your enterprise would prefer to give bitcoin et al a wide berth?
Illicit infiltrators may not share your reluctance.
Hijacking the IT infrastructure of companies to perform crypto-currency mining operations is a popular gambit for hackers.
It’s done by installing software that co-opts your processing power – and may compromise or corrupt your systems in the process.
Plant remote access trojans
Open all hours?
Your systems will be if hackers succeed in planting remote access trojans which enable them to access and use your network from anywhere.
Their best chance of doing so is by targeting employees with phishing emails requesting them to click on rogue links.
If they comply, it can be ‘open sesame’ to your critical systems and sensitive data.
Strengthening the defences
There’s a variety of ways to strengthen your defences against cyber-criminals and hackers of all stripes.
Establishing a baseline for normal network activity is a sensible first step and user and entity behaviour analytics tools can make this task simpler than once it was.
By harnessing the power of machine learning, they’re able to record and analyse network usage patterns over an extended period and then use that information to flag anomalies immediately they occur – not weeks and months after suspect activities commenced.
Auditing your perimeter defences to ensure they mitigate current threats adequately and pensioning off outdated systems which are no longer subject to security patching programs will stand you in good stead.
Meanwhile, keeping a weather eye on the human element is also wise.
There’s no need for the ill-intentioned to expend time and energy looking for a high-tech in if their ends can be achieved by applying for a job and logging on legitimately.
Once onboard, they may co-opt other employees to their cause, or persuade them to turn a blind eye to their activities.
Implementing stringent hiring practices, as well as solutions which detect unusual network behaviour from both inside and outside the organisation, may help you to identify and arrest fifth column activity before significant damage is done.