Effective cyber security in a crisis


Sponsored Content

Did you know there are more than 80 staff at Clarity supporting over 300 clients?

Our in-house InfoSec team of five includes two CISSPs and holds qualifications in information security, systems engineering, cyber essentials and assurance audit, penetration testing, digital forensics for incident response and eDiscovery. The team is avidly interested in all aspects of InfoSec, producing locally focused regular threat intelligence reports.

Crises, like buses, tend to arrive together. Unlike buses, cyber-attacks are designed this way. The groundwork and structure needed to deflect, prevent and act in a crisis (or crises) starts with an informed and knowledgeable board, which provides the direction to attain a risk-appropriate level of cyber security. Legal, information technology and compliance support, whether internal or external, need matching levels of skill and judgment to assure good cyber security.

An ability to ‘see’ where your bus is on an app offers the ability to predict its arrival. The system combines signals and technology, exactly the elements required for effective oversight of company systems. A view of current and past states provides the elevation required to observe, prevent and curtail an attack before it arrives.

Policy controls on system use, antivirus, system patching and restriction of admin-level permissions are all simple and effective cyber security tools. Active managed detection and response supplements antivirus detection to provide deep insight for understanding normal operations and stopping in-progress attacks. Cyber incidents may build to calamity. However, with sufficient preparation, they can be stopped. Extended remote logging of essential system records can provide an ability to reverse-engineer attack methodology and evict a persistent, embedded attacker.

Cyber-attackers are consistently lazy, using tried and tested methods to deliver attacks. The first stop is often phishing, a persistent infection vector. With initial access gained, attackers move across networks, install multiple backdoors for persistent access and seek opportunities for new targets.

Malware, data theft, extortion and ransomware often follow. This part of the journey can take hours, weeks or months following the initial compromise. Predictable attack patterns present opportunities to stop attacks in progress. Active monitoring, company policy and ready-to-go incident response playbooks provide the tools to respond. Each playbook addresses a different type of cyber event and sets out roles to assign, data to gather, people to contact and technical measures to take. Role-based rehearsal of playbook procedures enables effective crisis response.

Like a well-run bus service, confidence in cyber security stems from good infrastructure, equipment, monitoring and a workable backup route. If all else fails, company backups and business continuity plans must succeed. With a gradual move towards public cloud and service adoption, understanding where company data reside and how to recover them is becoming correspondingly more resource intensive. Like incident response, implementing continuity plans requires rehearsal and testing to assure their success under stress. The Clarity security team is always keen to assist. Contact us for a copy of our latest threat intelligence report and, if you’d like, talk a little security.
