In the wake of the massive Target Corp. security breach of 2013, organizations and IT managers trusted with protecting sensitive information are more alert than ever to the possibilities of cyber attacks on their own technological turf.
As a result, extra measures and precautions are being taken to better protect data and minimize the damage caused by cyber attacks. And in light of Target’s admission that early signs of the cyber attack were ignored, IT managers are more focused than ever on detecting early warning signs to predict and prevent cyber security breaches before they occur.
Spotting telltale signs
By exercising greater vigilance in analyzing their networks, IT security specialists can detect many of the typical signs that signal a malicious attempt to breach the system. While highly sophisticated threats may stay below the radar, threats such as malware, DDoS attacks, and cyber espionage are all preceded by early warning signs.
Knowing what to look for
In the case of a DDoS attack, a sudden increase in packet transfers and WAN traffic is a strong indication that a DDoS attempt is in progress. Since that attempt usually involves a flood of malformed packets, by testing the quality of the spike in traffic, analysts can tell whether the network is experiencing peak demand or the early stages of a malicious attempt to crash the servers. And if that spike in traffic is determined to traverse unused ports or come from invalid IP addresses, that’s a strong indication of an attempt to introduce a virus into the system.
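As an added example (not code from the original article), the following Python sketch applies the three DDoS indicators described above, a packet-rate spike against a baseline, traffic to ports the service does not expose, and traffic from invalid source addresses, to a set of constructed flow records. The allowed-port set, the spike threshold and the short unroutable-address list are assumptions for the example; a production check would use the service's real port inventory and a full bogon list.

```python
import ipaddress
from collections import Counter
from statistics import median

# Constructed sample flow records: (minute, source_ip, destination_port, packets).
FLOWS = [
    (0, "203.0.113.5", 443, 120),
    (0, "198.51.100.7", 443, 95),
    (1, "203.0.113.5", 443, 110),
    (1, "198.51.100.9", 80, 130),
    (2, "203.0.113.5", 443, 100),
    (3, "0.0.0.0", 443, 3000),         # invalid source address
    (3, "240.1.1.1", 23, 2800),        # reserved source block, unused port
    (3, "198.51.100.7", 443, 90),      # ordinary client caught in the spike
    (3, "203.0.113.99", 31337, 2500),  # unused port
]

# Assumptions: ports the service exposes, spike threshold, a short (not exhaustive) bogon list.
ALLOWED_PORTS = {80, 443}
SPIKE_FACTOR = 5.0
UNROUTABLE = [ipaddress.ip_network(n) for n in ("0.0.0.0/8", "224.0.0.0/4", "240.0.0.0/4")]

def is_invalid_source(ip):
    """True for unparseable or unroutable source addresses."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return any(addr in net for net in UNROUTABLE)

def analyze(flows, allowed_ports=ALLOWED_PORTS, spike_factor=SPIKE_FACTOR):
    """Flag minutes whose packet count exceeds the baseline by spike_factor and
    report how much of each spike comes from invalid sources or unused ports."""
    per_min = Counter()
    for minute, _, _, packets in flows:
        per_min[minute] += packets
    baseline = median(per_min.values())  # median is robust to the spike minute itself
    findings = {}
    for minute, total in sorted(per_min.items()):
        if total < baseline * spike_factor:
            continue  # busy, but within the range of legitimate peak demand
        bad = [(ip, port, pk) for m, ip, port, pk in flows
               if m == minute and (is_invalid_source(ip) or port not in allowed_ports)]
        findings[minute] = {
            "packets": total,
            "invalid_sources": sorted({ip for ip, _, _ in bad if is_invalid_source(ip)}),
            "unused_ports": sorted({port for _, port, _ in bad if port not in allowed_ports}),
            "suspicious_share": round(sum(pk for _, _, pk in bad) / total, 2),
        }
    return findings
```

A spike minute whose suspicious share is near zero is most likely legitimate peak demand; a share near one is the malformed or misdirected flood the text describes.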
Slow network performance, the inability to access certain websites, and a sudden increase in incoming spam are also good indicators that a network is under attack. Once these telltale signs are detected, pre-emptive measures can be taken to either prevent a cyber attack or mitigate the damage in the event that a breach occurs. The ability of cyber security experts to adopt a hacker mentality can help them do a better job of detecting threats, including those that originate inside the organization.
Detecting threats from within
While the Target breach succeeded in shining the spotlight on cyber attacks from without, organizations cannot afford to ignore the very real threat of assaults from within. After all, cyber threats from inside an organization are typically the most difficult to detect. While implementing a comprehensive Security Information and Event Management (SIEM) tool is an important first step to detecting internal attacks, IT managers need to insist that organizations take a structured approach to storing their data. With specific procedures in place, IT can more readily identify and track access to sensitive information. In addition, by applying different levels of access control to more sensitive areas of the network, data remains more secure by limiting access only to those who need it.
The rapid adoption of BYOD calls for organizations to tighten internal security. At the very minimum, companies allowing BYOD need to make sure that all employees understand and adhere to strict and straightforward policies regarding the proper and improper use of the devices they bring into the workplace. As an added precaution, IT should be on the lookout for unusual access patterns or after-hours network activity that could indicate that internal cyber attacks on sensitive information are in progress. You may even consider tracking access patterns on cloud and self-service portal systems. Tracking LAN traffic can also help IT to pinpoint and contain BYOD threats at their point of origin.
Becoming proactive and predictive
The days of organizations and IT taking reactive approaches to cyber security are over. As the threat of cyber attacks from within continues to escalate, organizations need to take proactive precautions, such as closer monitoring, using a SIEM solution and leveraging the power of predictive analytics to deter and prevent internal breaches.
An important takeaway from the Target breach with respect to cyber security for all organizations is that all the warning signs, alerts and precautions in the world will do no good unless deliberate and immediate action is taken. Target’s admission that its security team basically ignored early alerts that malicious software had entered its network is a cautionary tale for all IT security professionals. Target’s CIO has since resigned. As a Target spokeswoman recently told the Associated Press, “With the benefit of hindsight, we are investigating whether, if different judgments had been made, the outcome may have been different.”
Hopefully the Target breach will result in a greater resolve by all organizations to do a better job of predicting and preventing cyber attacks before they occur.