Rapid Attack Remediation and Cyber Risk Management – Panel Discussion with ISACA Singapore
Every organization is exposed to numerous cyber-attacks and data breaches that may result in critical data loss. With the growing severity of attack patterns and the complexity of threats, it has become challenging to detect, contain and remediate these attacks in time. Organizations must develop a suitable framework to combat cyber-attacks through improved risk management solutions.
SISA, in collaboration with ISACA Singapore, conducted a CPE (Continuing Professional Education) session on September 15, 2021, providing insights on the importance of Rapid Attack Remediation and Cyber Risk Management. The following speakers presented on the topics Attack Simulation & Rapid Response, and Cyber Risk Management & Zero Trust Security:
- Renju Varghese, Vice President at SISA.
- Prajwal Gowda, Lead Consultant at SISA.
Attendees of the webinar were able to gain knowledge on attack patterns and trends in cyber threats, how to effectively combat incidents and reduce lead time, ways to improve cyber risk management, and the pros & cons of Zero Trust security implementation.
Key Cyber Security Trends
According to observations made by forensic security investigators across the globe, the following cyber security trends have been encountered most often:
- Ransomware Attacks: Increasingly sophisticated attacks in which intruders exfiltrate critical data and then encrypt it.
- Supply Chain Attacks: An intruder injects unknown or malicious code via a cloud-hosted environment.
- Remote Working: Network controls are weakened by remote working during the pandemic, increasing the attack surface.
Cyber Trends Report – Singapore
A factual report on Singapore cyber trends highlighted the evident increase in cyber-attacks experienced by many industries during the pandemic. Banks, insurers, financial institutions, and other companies observed substantial growth in cyber threats, resulting in major financial and data losses. The Asia Pacific region alone accounted for about 25% of cyber-attacks, with the maintenance of security devices and policies cited as one of the biggest challenges.
Attack Simulation & Rapid Response
Current Vulnerability Trends
Vulnerability trends observed by forensic experts point to the loopholes in organizations' security frameworks that leave them open to exploitation by a threat actor. Over time, these loopholes give rise to varying attack patterns and data breaches, as seen in the following:
- Multi-factor authentication – Even after implementing multi-factor authentication, systems remain vulnerable to attacks because of misconfiguration.
- Custom Malware – Intruders evade network security solutions using malware designed specifically to penetrate the target system.
- Improper access control – The very common practice of assigning high-privilege access to user accounts and test/UAT accounts paves the way for attackers.
- Storing user credentials – In more than 50% of forensic cases, administrators store usernames and passwords in clear text, making them easily accessible to threat actors.
- Cloud environment – A shift to the cloud environment introduces many vulnerabilities due to misconfiguration.
- Genuine tools for malicious activity – Intruders study the data environment and the software/applications in use, then misuse those legitimate tools for malicious activity.
- Unknown or insecure data storage – Unknowingly storing sensitive data such as application passwords, card data, PII, and critical files in logs or databases.
- Lack of logs – Fewer logs are collected than are required for effective collection and monitoring.
- Outbound internet access – Most connections are exposed to malware because outbound internet access is unrestricted.
Work From Home: A Case Study
A typical case study observed that hackers use various social engineering techniques to penetrate the network environment and misuse sensitive data for malicious activities. It is very easy for attackers to gather some knowledge about the organization and then use phishing emails, spam, or phone calls to spread malware across the entire system.
Since the beginning of the pandemic, cyber-attackers have increasingly targeted remote employees. A typical attack can break through even the latest security solutions using sophisticated intrusion mechanisms and obtain sensitive information. Therefore, it is necessary to deploy methods that improve cyber resilience through rapid attack remediation.
Rapid Incident Response
To curb the rising number of cyber-attacks, organizations need to take some vital steps and adopt the required methods for Rapid Incident Response.
- A Rapid Incident Response team is responsible for, and knows how to respond to, a particular security incident.
- The organization must be capable of detecting command-and-control (C2) communications by deploying appropriate network security solutions.
- An incident response tool is also important to help identify potential threats to the system, isolate them from the network and recover the system.
- A detailed Forensic Analysis of the system helps contain the attacks rapidly.
- Some of the logs that are required for effective monitoring are DNS Query logs, Linux logs, Windows server logs, Web proxy logs, Domain controller security logs, WAF logs, Web server access logs, IPS/IDS logs, DLP logs, etc.
Cyber Risk Management & Zero Trust
Cohesive Risk Management
Risk assessment is the first and foremost step in implementing any security control. A typical risk assessment strategy should always be business-centric and must include people, processes, and technology.
Risk Management is necessary to identify the existing risks in an organization and the steps that should be taken to mitigate them. The different parameters that should be incorporated for cohesive Risk Management are:
- Network Security
- Effective governance structure
- Assessment of risk appetite
- Policies and procedures
- Incident management
- Proactive monitoring
A hybrid approach towards security that includes the compliance standards of ISO, NIST, and OCTAVE is generally recommended as it covers all the different parameters of risk management.
Zero Trust Security
Started in 2010, Zero Trust Security is a framework based on the principle that organizations should not implicitly trust or grant access to anything or anyone, including people, devices, workloads, data, and networks, whether inside or outside their perimeter.
Implementation of Zero Trust Security
Organizations must incorporate several practices to successfully implement the Zero Trust Security framework. Some of the most important aspects of implementing such a model are as follows:
- Effective identity and access management solution
- Controlling user authentication
- Proper credential evaluating mechanism
- Making trust determinations
- Enforcing least privilege
- Securing administrative rights
- Leveraging adaptive access controls
- Updated training mechanism
Any organization faces a rapidly increasing likelihood of having to deal with cyber-attacks. Cyber resilience refers to the ability to perform and meet the organization’s objectives even after certain compromises of its systems. It is a four-step process based on a feedback loop that includes:
- Evaluate – Evaluate the current cyber security posture by performing internal/certified audits.
- Improve – Based on the evaluation, improve the cyber security posture.
- Develop – Develop policies for the security structure.
- Re-evaluate – Re-evaluate the improved security posture and policies.
SISA, a leading forensics-driven global cyber security expert, supports organizations by strengthening their cyber security posture through its robust products, services, and training. As one of the top global forensic investigators, SISA is a trusted partner for Compliance Services, Security Testing, Cyber Resilience Services such as MDR, and Data Protection services.