Guiding the Response to a Cybersecurity Breach – IoT World Today

Published on August 6th, 2021


Automated and rapid response systems are needed to counteract cyber breaches that are becoming more potent each year, while ransomware is now a government-level issue.

While much has been made of preventing cyber breaches, it’s vital to plan for the rapid response once the worst has already occurred.

Across IT, cyber criminals are exploiting vulnerabilities in record time and have forged ahead off the back of commoditized toolkits made available through the dark web – known as cybercrime-as-a-service.

Ransomware especially is becoming a thorn in the side of the connected transformation, and each financial quarter, it seems, is punctuated by reports of a major breach.

Given the scale of the threat, the enterprise’s playbook must clearly prioritize which responses to mount first in case of an attack, according to Dr Pranshu Bajpai, a security researcher commenting as an independent field expert.

“After gaining initial access, ransomware often seeks lateral movement to infiltrate deeper into internal environments…,” he said.

A glance at the National Institute of Standards and Technology’s database provides little comfort. As of August 2nd, the U.S. watchdog and research board had already processed 63 potential new flaws that month, following almost 1,600 in July.

After the Breach has Hit

The exact response will depend on the IoT systems involved, says Jen Ellis, vice-president of community and public affairs at cybersecurity analytics, automation, and services provider Rapid7. An assessment might reveal specific units should be put into quarantine or, in especially sensitive breaches, the responder might defer action to avoid alerting the attacker.

Automated incident response systems – orchestrating workflows, evidence and strategies – can handle some workloads so long as the victim had the foresight to invest. According to IBM data cited by Varonis, the enterprises that did so saved $1.6 million on average.





Connected functions in the physical world mean the stakes for attacks involving IoT are raised, with critical infrastructure increasingly put at risk.

IoT also strengthens the cyber criminal’s reach in core IT networks and shelters malware away from standardized operating systems, PCs or mobile, where anti-virus tools offer protection. In massive machine-type communications, such as smart power plants or rail networks, whole swathes of infrastructure may need to be rebooted.

In breaches where IoT has been substantially affected, research points to increased costs for the victim. IBM estimated that, in cases involving connected technology, the typical expense rises by $5 for each compromised record.

Ransomware Continues to Run Rampant

Ransomware has been around for decades but it has come to the fore of the global cybersecurity agenda as financial rewards have grown larger, and because the end-user possesses few remedies.

Data privacy means extortion tactics can now be employed, with the threat of information being leaked into the public domain enough to browbeat organizations. The balance has tipped in favor of the perpetrator, who will find sanctuary from law enforcement in overseas jurisdictions, argued Rapid7’s Ellis.

Organizations manage to retrieve just 65% of data on average after paying the ransom, according to Palo Alto Networks, while the biggest ransom doubled from 2019 to 2020, from $5 million to $10 million. By way of a response, the Ransomware Task Force, which Ellis co-chairs, has drawn together 48 recommendations, spearheaded by the Institute for Security and Technology and its international peers.

Ellis said the initiative would look to collaborate and spur existing technologies which assist ransomware victims. One partial antidote, backed by the taskforce already, is the No More Ransom project, which provides decryption tools for known ransomware attacks and is sponsored by pan-European enforcement agency EUROPOL.

“It can in some cases mean the [victim] doesn’t have to pay the ransom, which solves the initial part of the problem – although the remainder of the recovery process, including assessing all systems accessed in the breach, is still necessary,” Ellis concluded.


