News

What is an Advanced Persistent Threat (APT) Attack?

Posted in: Advanced Persistent Threat, advanced persistent threats, air-gapped systems, APT, Big Data, cyber attacks, data discovery, end to end encryption, Infrastructure, IT Management, IT Strategy, malware, network security, NIST, phishing, ransomware, Security, security audits, Stuxnet - Jul 28, 2021

The global cybersecurity market was valued at $167.13 billion in 2020 and is expected to increase to $372.04 billion in 2028, according to Grand View Research. Where is all this growth coming from? The expansion of common cybercrime has caused many businesses to increase their security measures. But more than that, an increasing number of governments and larger enterprises are investing in critical infrastructure protection against advanced persistent threat (APT) attacks.


Recognizing and Preventing APT Attacks

What is an APT Attack?

APT attacks are cybersecurity breaches that involve far more planning and strategy than most other intrusions. The attacker carefully structures the campaign as a series of small steps carried out over a long period, minimizing the chance of detection at each stage in order to maximize the eventual payoff of the breach.

APT attacks are often devastating and seem insurmountable, but with the right understanding of how these attacks work and the security infrastructure that recognizes them, your organization can stop — or at least mitigate — many of the most damaging attacks.

How Do APT Attacks Work?

APT attacks are not your average adversarial attack on a network data center. Most traditional ransomware and malware attacks involve short-lived, uncomplicated strikes. They can cause significant damage, but rarely have any additional layers, steps, or specific goals or targets when perpetrated by the malicious actor. 

An APT attack, on the other hand, is a long-term strategic grab at a nation’s or major enterprise’s most sensitive data. It involves extensive planning about which targets and objectives the attackers hope to attain.


An APT attack requires an elevated level of planning and expertise to discreetly gain initial access and conduct small attacks or data grabs over the course of months or years. 

Because these attacks require both patience and special skills to carry out, they are usually only deployed against larger entities that hold heavily protected sensitive information — like national governments or major corporations. An opposing government typically hires or backs highly trained experts that become malicious actors in APT attacks.

Step-By-Step Process for APT Attacks

Attackers tailor every APT attack to the unique skill set and goals of the attacking party, but most include the following core steps. Keep in mind that these steps are repeated in small iterations over the course of months or years in order to avoid detection by the target’s defenders.

  1. Gain access. The attacking group uses phishing emails or malicious attachments against network users, or they take advantage of an application vulnerability.
  2. Deploy malware setup. Based on the initial point of access, attackers plant malware that communicates with one of their external servers about its findings in the network. Oftentimes, attackers will launch a more obvious attack against the network while they set up this malware, distracting network professionals from the more significant, long-term threat.
  3. Detect additional vulnerabilities. Once set up, the malware scans for additional vulnerabilities and entry points across the network and shares that information with the attacker’s external servers. This information helps attackers to find and manipulate additional vulnerabilities, should they lose access to their initial access points.
  4. Move laterally for data discovery. Now that the attackers have established and maintained a foothold in their target network, they begin to make lateral moves across different applications, software, and databases in the network in an attempt to find sensitive data sources. The types of data they are looking for can include anything from user logins and financial information to national security secrets and codes.
  5. Collect and transfer data out-of-network. As data that fits their goals is found throughout the network, that data is extracted (or copied and extracted), and then transported to the external server for attackers to use.

Signs of an APT Attack

The Stuxnet virus, launched against an Iranian uranium plant and uncovered in 2010, is one of the most sophisticated and effective APT attacks to date. Cybersecurity experts eventually discovered the virus buried in industrial control room computers, but the increased rate at which workers replaced centrifuges pointed to the problem before its discovery. 

It’s important to watch for hardware and equipment malfunctions that might indicate an APT attack, especially for highly sensitive government and business operations. 

Other potential signs of an APT attack include:

  • Unexpected or frequent logins from a particular user account
  • Increased number of phishing emails
  • Unexplained movement of data from one part of the network to another
  • Growing quantity of unusual activity detected by network security tools
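The two indicators most amenable to automated checking are the login and data-movement signs above. The following is an added example (not code from the original article) that runs simple detection logic over constructed sample log lines: it flags accounts with a burst of logins in one hour or logins outside working hours, flags large transfers to addresses outside assumed internal ranges, and correlates the two so an account that shows both rises to the top of the queue. The log format, the internal ranges, and all thresholds are assumptions chosen for illustration.

```python
"""Toy detector for two APT indicators: login bursts from one account and
unexplained data movement. The log format and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample log lines. Assumed format: "ts user event src dst bytes"
SAMPLE_LOG = """\
2021-07-20T02:13:04 jsmith login 10.0.4.17 - 0
2021-07-20T02:14:11 jsmith login 10.0.4.17 - 0
2021-07-20T02:15:40 jsmith login 10.0.4.17 - 0
2021-07-20T02:16:02 jsmith login 10.0.4.17 - 0
2021-07-20T09:01:22 mlee login 10.0.7.3 - 0
2021-07-20T09:30:00 mlee transfer 10.0.7.3 10.0.9.20 4096
2021-07-20T02:20:09 jsmith transfer 10.0.4.17 203.0.113.45 734003200
2021-07-20T10:05:00 svc_backup transfer 10.0.9.20 10.0.9.21 2147483648
"""

# Assumed internal address ranges; anything else counts as external.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


def parse(log):
    """Turn the whitespace-separated sample log into a list of dicts."""
    rows = []
    for line in log.splitlines():
        ts, user, event, src, dst, nbytes = line.split()
        rows.append({"ts": datetime.fromisoformat(ts), "user": user,
                     "event": event, "src": src, "dst": dst,
                     "bytes": int(nbytes)})
    return rows


def is_internal(addr):
    return any(ip_address(addr) in net for net in INTERNAL)


def find_login_bursts(rows, max_per_hour=3, work_hours=(8, 18)):
    """Flag more than max_per_hour logins by one account in a calendar hour,
    and (once per account and hour) any login outside working hours."""
    per_hour = defaultdict(int)
    off_hours_seen = set()
    alerts = []
    for r in rows:
        if r["event"] != "login":
            continue
        bucket = (r["user"], r["ts"].replace(minute=0, second=0))
        per_hour[bucket] += 1
        if per_hour[bucket] == max_per_hour + 1:
            alerts.append(("login_burst", r["user"], bucket[1].isoformat()))
        in_hours = work_hours[0] <= r["ts"].hour < work_hours[1]
        if not in_hours and bucket not in off_hours_seen:
            off_hours_seen.add(bucket)
            alerts.append(("off_hours_login", r["user"], r["ts"].isoformat()))
    return alerts


def find_data_movement(rows, egress_threshold=100 * 1024 * 1024,
                       internal_threshold=1 << 30):
    """Flag transfers leaving the internal ranges above egress_threshold, and
    large internal-to-internal copies (possible staging) above internal_threshold."""
    alerts = []
    for r in rows:
        if r["event"] != "transfer":
            continue
        if not is_internal(r["dst"]) and r["bytes"] >= egress_threshold:
            alerts.append(("external_egress", r["user"], r["dst"], r["bytes"]))
        elif is_internal(r["dst"]) and r["bytes"] >= internal_threshold:
            alerts.append(("large_internal_copy", r["user"], r["dst"], r["bytes"]))
    return alerts


def correlate(login_alerts, data_alerts):
    """Accounts that appear in both alert sets deserve the first look."""
    return {a[1] for a in login_alerts} & {a[1] for a in data_alerts}


if __name__ == "__main__":
    rows = parse(SAMPLE_LOG)
    logins, moves = find_login_bursts(rows), find_data_movement(rows)
    for alert in logins + moves:
        print(alert)
    print("accounts with both signals:", correlate(logins, moves))
```

Real deployments would replace the fixed thresholds with per-account baselines learned from historical activity, since the article’s point is that these signs are unusual relative to normal behaviour, not absolute.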

How CIOs Can Prevent APT Attacks

No organization can prevent APT attacks 100% of the time, but it can mitigate the risk with several key security practices.

  • Network security audits. Regular audits help you understand and routinely check the health of your hardware, software, and other important components of your data center or cloud.
  • Enterprise-wide security training. Network users are your biggest vulnerability, as APT attacks often launch through phishing. Establish and manage network use best practices for all employees via security training, network security policies, multi-factor authentication (MFA), password rules, and email filtering.
  • Avoid end-to-end encryption. Although it’s one of the latest trends in user privacy, avoid end-to-end encryption practices on your network. Too much internal user error and internal or external malevolent activity can fly under the radar of your network administrators with this level of encryption.
  • Store sensitive data on an air-gapped device. Air-gapped networks are not always the most practical choice, as so many devices require constant network access, but they can work especially well for backup storage. Consider storing your most sensitive data on an air-gapped device that’s only accessible through external hardware or internal user passwords.

It’s also important for your organization to keep up with the latest compliance and security standards from trusted cybersecurity leaders, such as the National Institute of Standards and Technology (NIST). 

Tony Anscombe, chief security evangelist at ESET, believes that finding a strong cybersecurity framework is one of the most important steps you can take. “Avoiding APT attacks requires a cybersecurity culture throughout the design of the network and systems,” Anscombe said. “I recommend that all CIOs adopt a cybersecurity framework such as NIST and ensure that the technologies and actions taken to meet the standards of the framework continually evolve.”

Investing in Cybersecurity Resources

Most importantly, CIOs and enterprise leadership teams should invest in network security software to mitigate APT risk. Consider tools that specialize in endpoint security, network monitoring, network access control, antimalware, and patch management. 

If you’re looking for a proven solution, these are the top APT protection tools, as determined by the 2021 Radicati Market Quadrants study:

  • Symantec
  • Cisco
  • Kaspersky
  • ESET
  • Bitdefender
  • Palo Alto Networks

Combatting an APT Attack in Your Systems

APT attacks can have dire consequences due to their complex structure, their focused goals, and the time it takes to detect them. Beyond reporting the incident to appropriate parties and taking any requisite legal steps, Anscombe recommends the following measures to get through an APT attack:

“Actively monitor traffic, log network activity, and establish strict access controls,” said Anscombe. “Ensure 2FA is switched on for all access, regardless of whether the attempt is internal or external.”

“Disable all remote access and move to a zero trust policy, granting access only to those that need it. Sweep the network for malware, because it is often the case that multiple secondary infections may be present but dormant, in case the bad actor was detected. Deploy security patches and updates to all software and firmware, ensuring the initial compromised entry point is locked down.”

And when in doubt, Anscombe says you should “call in an expert cybersecurity organization with forensic abilities to assist.”


The post What is an Advanced Persistent Threat (APT) Attack? appeared first on CIO Insight.


How to Create a Business Continuity Plan

Posted in: Blogs, business continuity, business continuity management, business strategy, disaster recovery/business continuity, IT Strategy, Security - Jul 27, 2021

A business continuity plan is more important than ever. Hackers, bad weather, rolling blackouts, and now a global pandemic all show companies the importance of planning for a catastrophic event. Preparation is key to understanding how quickly a business can get back on its feet.

Unfortunately, many companies are only as good as the last disaster. But by following a few simple guidelines, any company should quickly bounce back after a major incident.


What Is a Business Continuity Plan?

A Business Continuity Plan (BCP) describes the procedure a company needs to carry out to continue operating after any disruption. Unlike a Disaster Recovery Plan, a BCP goes beyond explaining the steps needed to restore technology resources and services. Instead, a BCP discusses how the entire business should move forward.

Large organizations are generally more prepared for a business disruption than their smaller counterparts. This is because most large corporations deal with more direct and indirect threats from internal and external forces. However, businesses of all sizes need to develop a continuity plan.

How to Create a Business Continuity Plan

Don’t Get Caught Up Planning for the Worst

Above all, keep things simple. Many companies overcomplicate their business continuity strategy by focusing on the absolute worst-case scenarios. For instance, planning for earthquakes in an area not prone to them can be considered, but not at the expense of more likely events.


Limit the scope of your business continuity plan to actual threats, and remember: there are some things you shouldn’t or can’t plan for.

Hold Business Continuity Meetings

Holding monthly meetings to keep the person or team responsible for business continuity accountable is crucial to success. During these meetings, the team should present the current version of the BCP, assign individual tasks, and examine and rank new threats. Keep everyone engaged and ask questions about events that are happening today.

These meetings can also be used to run the plan as if it was occurring in real time. If possible, the business continuity team should conduct drills every quarter to test the plan and make stakeholders aware of what needs to happen when a disruption occurs.


The point is, business continuity planning is extremely important. The key to successful execution is to not get tangled in arguments over what should be in the plan when a disruption is already occurring.

Business Continuity Is an Ongoing Process

There is a tendency to forget or push off the business continuity meetings when things are quiet again. Vigilance is required; keep thinking about what may happen to the business.

However, business continuity teams need to understand that not everything is an apocalyptic disaster. Keep a finger on the pulse of internal and external events, have monthly sessions, quarterly testing, and document any changes to the plan. Further, the team should regularly communicate to the organization, especially the executive team and board.


Smaller businesses might have a single person assigned to continuity planning, but they should do the same things a team would. Regardless of your team’s size, be sure everyone understands what to do, who to call, and where to go when the need arises.

Don’t Panic

Finally, don’t panic. Many companies provide business continuity services, which might be a good option for larger enterprises. Most small to medium companies can find resources to create a business continuity plan with little to no guidance.

The Federal Government’s business continuity plan guidelines are a good starting point if you’re unsure. Be prudent and review the steps outlined. If needed, seek a professional, reputable business continuity firm that specializes in your organization’s needs.

Create Your Business Continuity Plan

Business continuity isn’t just about technology. It is the overall procedures that keep the business going when things go wrong. Companies should plan for worst-case scenarios, but be practical in your business continuity scope and testing.

To be prepared, you should have monthly meetings, conduct quarterly drills, make changes when necessary, and most importantly — don’t panic.




How to Create a Disaster Recovery Plan

Posted in: automated disaster recovery, backup and disaster recovery, cloud disaster recovery, disaster planning, disaster recovery as a service, Disaster Recovery Plan, disaster recovery solutions, disaster recovery/business continuity, Disaster Response team, Infrastructure, IT Strategy, Security - Jul 26, 2021

Disaster is a nebulous term in IT. Whether the cause is natural (a fire in your data center) or manmade (a ransomware attack), an IT disaster threatens the safety of company data, resources, and personnel. This is why an IT Disaster Recovery Plan (DRP) is an integral part of your organization’s broader business continuity strategy.

Here, we discuss the steps for creating a DRP that can handle any disaster, no matter the severity.

How to Create a Disaster Recovery Plan

Step 1: Identify Interconnected Resources

When developing a DRP, you must first identify all the resources and infrastructure that could be impacted by a disaster. More importantly, you should identify points of interconnection. In the age of digital transformation, many previously siloed systems — such as industrial equipment — are now web-enabled and therefore more vulnerable.


As part of this step, you should also identify your incident response team. According to Flexential, this team should include:

  • Executive management to approve the strategy, policies, and budget
  • Crisis management coordinator to initiate the plan and coordinate teams
  • Business continuity expert to ensure the plan is in line with overall business goals
  • Impact assessment and recovery team made up of networking, server, storage, and database representatives
  • IT applications monitor to handle any changes to business applications, as well as integrations

Flexential’s guide also suggests bringing on critical business unit advisors to provide additional feedback to the incident response team. Either way, your DRP will be more successful when you have input from multiple teams.

Step 2: Assess Vulnerabilities

Your IT infrastructure is only as secure as its weakest point. When creating a DRP, you need to find these weak points and outline steps to mitigate damage if they become compromised. Further, you need to take steps to shore up these vulnerabilities before they become a problem. Above all, you want to avoid a series of cascading failures.

Another important part of assessing your vulnerabilities is studying previous disasters in your company and sector. What lessons can you learn from past mistakes?

Step 3: Determine the Impact of a Disaster

What constitutes a disaster for your organization? Your DRP should clearly outline steps to determine the severity of an event. Too many businesses have failed to adequately anticipate the scope of a disaster, with predictably disastrous results.

Here’s an example: “For a major bank, the online banking system might be a critical workload — the bank needs to minimize time and data loss,” notes IBM’s guide to backup and disaster recovery. “However, the bank’s employee time-tracking application is less important. In the event of a disaster, the bank could allow that application to be down for several hours or even a day.”

When determining severity, the disaster response team should consider the following:

  • Company budget
  • Insurance coverage
  • Damage to personnel
  • Damage to hardware and property
  • Data loss
  • Integrity of backups
  • Legal and compliance ramifications

Even a relatively minor event can snowball into a true disaster if any impacted resource is overlooked. Your DRP should help the response team conduct an all-inclusive audit of affected systems.

Step 4: Develop a Short-Term Plan

The window immediately following a disaster is a critical time period. Your team needs to act quickly to quarantine affected systems, switch over to backups, and/or remove damaged resources. The short-term disaster recovery plan outlines the immediate steps your team should take as soon as an event is discovered.

In general, a short-term DRP should address vital business and IT needs, such as:

  • Assessing the severity and scope of damage
  • Implementing failover processes
  • Reestablishing access to mission-critical functions and resources

The main priorities of the short-term disaster recovery plan are identifying and isolating the problem, ensuring the safety of staff and equipment, and mitigating business disruptions.

Step 5: Develop a Long-Term Plan

It’s important for your DRP to go beyond the short-term response. Once the immediate threat is gone, the disaster recovery team needs to begin the hard work of recovering or replacing lost data, hardware, and other resources.

Further, the team needs to implement facility, security, and operations improvements to prevent similar disruptions in the future. Depending on your organization’s business continuity plan and needs, as well as the severity of damage, this could involve months — or even years — of work.

Your disaster recovery plan must have recovery steps that are specific to your industry and the disaster itself. In fact, Acronis’ guide outlines four types of DRPs you may want to develop:

  • Virtualized Disaster Recovery Plan for IT infrastructure located on an offsite VM
  • Network Disaster Recovery Plan to respond to unplanned network service outages
  • Cloud Disaster Recovery Plan for systems and data backed up to a public cloud
  • Data Center Disaster Recovery Plan for a separate facility to be used when disaster strikes your primary data center

Depending on your business and IT needs, your long-term disaster recovery plan may require significant company resources to implement. However, it’s not difficult to find recent examples of businesses that failed to properly invest in disaster preparedness.

Carrying out a long-term disaster recovery plan after an event occurs is an investment in the future integrity of your company’s critical systems.

Step 6: DRP Testing

Before disaster strikes, your team needs to know the DRP will work. Luckily, there are multiple methods for testing a disaster recovery plan. According to Nakivo, there are four generally accepted testing methodologies:

  • Plan Review: A thorough audit of your current DRP documentation.
  • Tabletop Run-Through: A meeting in which your response team does a step-by-step walkthrough of the plan, as if a disaster had occurred.
  • Scenario Simulation: The DRP is executed in a test environment with no business interruption.
  • Full Disaster Recovery Simulation: Your main site’s operations are taken down, and an offsite recovery is attempted.

In the course of DRP testing, the weaknesses and strengths of your disaster recovery plan should become clear. Updating your plan to address these overlooked points is part of creating a disaster recovery plan your company can count on.

Explore DRaaS Solutions

Putting a disaster recovery plan into practice can be very expensive. Fortunately, several vendors offer Disaster Recovery-as-a-Service (DRaaS), which can reduce the cost of implementing and maintaining disaster recovery. These services typically offer failover and failback, testing, scalable models, reporting, and monitoring.

Some DRaaS vendors we recommend include:

See our full list of the Top Disaster Recovery-as-a-Service Solutions.



Perspective on BI: Change Your Data Mindset for Informed Decision Making

Posted in: Business Intelligence - Jul 23, 2021

Instilling a data-driven culture with infused analytics fuels efficiency and drives innovation.

Ransomware Attacks Rise Dramatically

Posted in: Blogs, cyberattack, cybersecurity, InfoSec, operational technology, phishing, phishing attacks, phishing emails, ransomware, Security - Jul 22, 2021

Success breeds success, as they say. And the rich rewards being reaped by ransomware attacks have led to a surge in these incidents. According to the Cybersecurity Threatscape by Positive Technologies, ransomware is now used in 45% of all malware-related attacks against organizations.


Hackers Target Industrial and Health Sectors

Cyberattacks grew by 51% last year compared to 2019, and their frequency continues to rise. That is an awful lot of potential ransom dollars.

Attacks are becoming more targeted, too. There was a 91% jump in cyberattacks on industrial companies and a 54% rise in malware-related attacks to industrial firms compared to 2019. Similarly, the number of attacks on medical institutions increased by 91% — making the health care sector the top target for ransomware attacks currently.


“Amid the COVID-19 pandemic and overloaded health systems worldwide, hackers added fuel to the fire by disrupting the availability of medical information systems with devastating consequences,” said Positive Technologies analyst Yana Yurakova.

“In 2020, the total damage caused by ransomware attacks against medical institutions in the U.S. was estimated to reach $20.8 billion.”

Cyberattacks Become Less Random

Phishing is aptly named. You send out malicious links and attachments posing as a trusted source in order to get some unfortunate person to click, and then introduce malware into the enterprise. Like fishing, you put the line into the water and see what kind of fish comes along.

Traditional phishing is all about volume. You blast out loads of emails and sometimes you get a bite. But those days are coming to an end. The bad guys have decided to skip the sardines and go after marlin. According to the report, 7 out of 10 attacks are now aimed against specific, high-potential targets.

Industrial organizations, hospitals, financial services firms, schools, and local government are all ripe for a malicious campaign. They either represent deep pockets, or provide a service that can’t be denied to its users for any length of time. As such, the most popular targets are:

  • Government institutions (19%)
  • Industrial companies (12%)
  • Medical institutions (9%)

Digital Transformation Creates New Targets

The industrial category represents a fairly new phenomenon in cybercrime. With digital transformation becoming something of a watchword, those in industry have been merrily tearing down the barriers between their IT systems and the Operational Technology (OT) systems that sit on the shop floor or production line. The result is a spike in attacks on industrial targets, with the Colonial Pipeline hack being the most notable.

Even more recently, vulnerabilities were found to exist in widely used Siemens programmable logic controllers (PLCs). These devices are used in assembly lines, industrial processes, power generation, and other facets of industry.


Part of the problem is inexperience. When hackers began to use viruses in the early days, it was relatively easy to infect a user. Over time, antivirus and other protections became more mature. And users started to learn better security practices.

In the world of OT, this is all new. Some systems date back decades, and security was the last thing on the minds of their developers. As soon as you web-enable or digitize these applications, systems, and devices, it’s a Pandora’s Box in reverse — Pandora has a good chance of breaching the enterprise.

Cybersecurity Must Evolve

The Positive Technologies report noted that industrial companies are being attacked by a number of different ransomware variants stemming from various criminal gangs. Some of them delete backup files before starting the encryption process. They can also stop industrial control systems in their tracks. Phishing frequency against industrial targets is also on the increase.

Dmitry Darensky, Head of Industrial Cybersecurity Practice at Positive Technologies, listed a variety of other breaches of industrial targets: water infrastructure breached in Israel, an Indian power outage due to a cyberattack, and companies such as Huber+Suhner and Honda being forced to halt operations because of breaches.


He added that penetration tests or threat modeling audits are not enough to provide a sufficient assessment of current risks. Neither are conventional security assessments.

“To simulate an attack without affecting real-life systems, digital twins or a cyber-range can be used,” said Darensky. “A cyber-range provides a safe environment where experts can get the most comprehensive picture of whether certain risks can be triggered (for example, oil storage overflow), protection mechanisms will respond in time, and infosec teams will detect and stop an incident.”


