BreachExchange mailing list archives

Talking the TalkTalk in a Week of Cyber-Insecurity


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 10 Nov 2015 08:52:44 -0700

http://www.infosecurity-magazine.com/opinions/talking-the-talktalk/

The last few weeks have been eventful in the cybersecurity world, with
three high-profile data breaches being revealed.  We’ve become fairly
accustomed to hearing about security breaches and while most businesses are
becoming aware that it isn’t a case of ‘if’ they are hacked, but ‘when’,
events in the UK over the course of the seven days between 22 and 29
October 2015 indicate just how complex cyber security is today.

First ISP TalkTalk announced that it had been the victim of a cyber-attack
and is, to date, unsure how many of its four million customers are
affected; a Marks & Spencer ‘website glitch’ meant that customers’ personal
information was displayed to other users when they logged into their online
accounts; and British Gas revealed that around 2,200 user account details
had been posted online – but claimed the leak had not come from the company
itself, leading to speculation that a phishing attack may have resulted in
credentials being stolen.

What is most notable about this spate of breaches is the fact that the
cause of each one was different, though the outcome was the same – customer
personal data leaked.

Each of these very real scenarios highlights the diverse ways systems can
be breached.  A priority for any organization has to be protecting its
customers’ personal data and the consequences of failing to do so can be
severe, yet many are struggling to do this effectively and never has that
been more apparent than over the last few days.

Breaking Down the Defensible Perimeter

It wasn’t so long ago that organizations felt that they could install some
antivirus and a few firewalls and be fairly confident that their systems
were secured.  However, IT environments have become far more vulnerable as
trends, such as the cloud, have broken down the defensible perimeter and
added layers of complexity to security strategies. What’s more, cyber
criminals have become increasingly sophisticated and determined – if they
want to get past security defenses, they’ll find a way and, if the breaches
of TalkTalk, British Gas and Marks & Spencer show anything, it is the many
different threat vectors that they have at their disposal.

While it appears that Marks & Spencer’s breach was a result of internal
difficulties, rather than external thieves, it shows just how easily
anomalies can occur and, if they aren’t detected, can result in the loss of
data.

As it stands, most organizations are overly reliant on perimeter security
tools and, while many are realizing that this isn’t enough, this means that
you could run into difficulty if you were attempting to comprehend the
amount of work involved in monitoring your networks and identifying threats.

Threat detection tends to be based on various security sensors that scan
for suspicious behavior or known signatures of malicious activity. These
sensors provide a continuous stream of data related to threat events but,
for some, there can be thousands, or even hundreds of thousands, of events
every hour.  The resulting quantity of data means that your security teams
could struggle to understand which threats need further investigation – let
alone shut down any suspicious activity quickly.

Clearly, the more time it takes you to detect a breach, the more time it
takes you to respond and, during this time, a serious amount of damage can
be done.  With a multitude of threats out there, your organization may
need a more effective strategy that will not only allow you to see and
evaluate every single threat, but also allow you to mitigate them in as
little time as possible.

The Right Info to the Right People at the Right Time

An effective IT security strategy is dependent on skilled people,
well-defined policies and processes, as well as technology – which is
critical in boosting human expertise.  Security teams need as much
information as possible to quickly evaluate threats to understand the level
of risk, as well as whether an incident has occurred, and this requires
intelligent security systems.  It is critical that, rather than simply
scanning for threats and raising an alarm if something suspicious is
identified, these systems are able to deliver actionable insight, with
supporting forensic data and contextually rich intelligence.

This ensures that the right information is delivered to you at the right
time, to the right people, with the appropriate context attached, which
will significantly decrease the amount of time it takes to detect and
respond to threats.  What’s more, not only does this provide rich
intelligence on security incidents, but continuous monitoring of the
network will also allow IT teams to see if there are any technical issues
that need attention.

If we take any positives from the TalkTalk, Marks & Spencer and British Gas
breaches it should be that they highlight just how critical it is to have
intelligent security strategies in place alongside a robust and solid
framework.  Each is a high-profile organization and if they can become a
victim, anyone can.  While it may be almost impossible to prevent a breach
nowadays, it is not impossible for you to limit the damage – but only by
taking an intelligent approach to security.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/