There’s a stranger in your kitchen, leisurely enjoying a cup of coffee. After recovering your composure, you call 9-1-1, but the stranger suddenly disappears. The police arrive in a few minutes, yet it takes them 72 hours to find the culprit—still in your house but now in the attic. The mystery doesn’t end there…following questioning, the police discover this intruder has been hiding, eating your food, and drinking your coffee for the past three months!
While a story like this doesn’t happen in real life, it does paint a picture of what can happen in the world of cybersecurity, where companies are often unaware when digital assets have been breached. According to a 2020 report from IBM, it takes companies an average of nearly 200 days to identify attacks on their IT infrastructures, and then about 70 more days to contain the breach.
Without the right cybersecurity protection tools, a threat actor may be lurking inside your network and accessing your digital assets even as you read this article. In addition to leveraging sophisticated techniques to get in, they also know how to hide on your network. Finding them and getting rid of them can be difficult tasks.
Easy-to-Use Cloud Can Also Open Doors for Cybercriminals
Last month, in one of our most recent PulseOne Tech Talks, I spoke with John McGloughlin, founder of GuardSight, a provider of cybersecurity consulting and services. In our conversation, John provided a helpful rundown of how to know if your IT infrastructure has been breached.
Following his advice is particularly important for businesses running their IT systems in the cloud, where it’s easier for bad guys to find you. Cloud devices generally do not have vulnerabilities because cloud providers do a good job of maintaining their infrastructures. Businesses that set up their cloud infrastructures on their own may not configure the device security settings correctly.
“They just want to get something running in the cloud and don’t take the time or have the expertise to configure the correct settings,” says McGloughlin. “What makes the cloud easy to set up also opens the cloud to attacks.”
Hear the “Noise” Early to Limit Exposure
During the interview, McGloughlin recommends businesses proactively manage risks and prepare for business continuity to keep their businesses resilient. It’s not just backing up data, you also need to be able to restore quickly.
“When cybercriminals breach an environment, their first mission is usually to conduct reconnaissance to see what’s out there,” McLoughlin adds. “This activity usually creates ‘noise’ that can be detected with the right security tools.”
It’s critical to hear this noise and find cybercriminals quickly. The longer they are there, the harder it will be to remove all the weapons they create (such as malware) and the more damage they can do.
NIST Framework Provides Detection Guidance
For businesses in the early stages of trying to determine when bad guys are present on their network, McGloughlin endorses following the principles of the NIST cybersecurity framework. In addition to providing guidance on how to detect cyberattacks, you can also get an understanding of how to respond and recover from any breaches that occur.
Step 1: Know what you have
The first step is to identify your digital assets. By knowing what you have, each asset’s value to your business, and the current vulnerabilities of each asset, you will be better able to determine when an asset is under attack and to prioritize your responses.
Step 2: Know when something is happening
To detect attacks, deploy sensors such as network taps and firewall logs to collect log data and then analyze the logs. “The historical information in the logs will help you track threat actors throughout the kill chain and know how long they have been there,” McGloughlin says.
Step 3: Know how to identify malicious behavior
The logs also help you identify normal behavior vs. malicious behavior so you can prevent or contain the damage. “For any breaches that occur, conduct a vulnerability assessment,” recommends McGloughlin. “This will help you determine how they got in and patch that vulnerability.”
Following the NIST guidelines and McGloughlin’s advice can pay big dividends in protecting your digital assets. But also make sure you also find a way to keep that stranger out of your kitchen!
To learn more about the managed security services GuardSight offers, check out their website. And for more information on how to know when your network infrastructure has been breached, or to get more information about our Security Assessment services, contact PulseOne today.
