Download Three Recommendations for Securing the Network From Targeted Attacks
Targeted attacks remain a serious threat to organizations despite the emergence of advanced security technologies. Many organizations can still fall prey to targeted attacks because of the growing sophistication of tactics and tools cybercriminals use to stealthily breach the perimeter of the network. In fact, a 2019 study conducted by Accenture and the Ponemon Institute shows that the average cost of cybercrime for each company — where sophisticated attacks are at play — has increased from US$11.7 million in 2017 to US$13.0 million in 2018.
Fortunately, organizations can still boost their defense strategy by complementing their cybersecurity solutions with best practices that can prevent targeted attacks and their devastating consequences. The following are three security recommendations that can protect your network from targeted attacks:
1. Network segmentation should be implemented.
Network infrastructure is usually complex as it involves layers of users, workstations, servers, and other connected devices. Complex networks pose challenges to security in terms of visibility and access management. It’s highly recommended to break down individual components into ordered segments, which can be by department, location, or security level.
Network segmentation also prevents employees from accessing parts of the network — and thereby digital assets — that should be restricted to them. This way, in the event of an attack, hackers and even insider threats can be stopped from accessing every part of the network.
Part of the network segmentation process is identifying critical assets that could cause organizations major damage if compromised. Organizations need to determine which of their critical assets are most vulnerable to attacks and assign an equivalent level of security to high-priority and high-risk assets. Aside from providing personnel training, correctly configuring networks, and setting up security solutions, the IT security team should proactively detect targeted attacks.
2. Network logs — a lot of them — should be analyzed.
The collection and analysis of logs can help organizations detect targeted attacks. IT and security professionals can gain valuable information about the attackers, for example, how they made their way into the network and their attack strategy.
Logs can also provide insights into the network’s general activity. Security professionals familiar with network traffic monitoring can tell if a targeted attack is about to take place. They can do so by scanning for any suspicious activity in the network, which can allow the prevention of an attack before it causes further damage.
It should be noted, however, that the use of logs can only be maximized through log analysis and by looking at a huge number of logs. When provided with a massive amount of logs to analyze, a security professional can be equipped to tell the whole story. Log analysis doesn’t only provide new threat intelligence; it also allows for the discovery of significant events in the network.
3. A cybersecurity incident response team should be in place.
Ideally, an organization should have an incident response team composed of cross-functional members from different departments who can deal with different concerns in case of a targeted attack. The cybersecurity team, in particular, should be separate from the regular IT team, and should be trained to address sophisticated attacks.
However, an in-house cybersecurity incident response team is becoming more difficult to assemble because of the widening cybersecurity skills gap. While some in-house IT staff members and security professionals are trained to manage and control the network, they may have minimal experience when it comes to targeted attacks. In addition, the lack of cybersecurity workers can overwhelm organizations especially that the number of alerts that can be generated on a day-to-day basis has become too high.
To address this challenge, organizations should look into sourcing a third-party incident response team for their security needs. Services featuring security experts who have expertise in advanced threat detection, threat hunting, analysis, and response have become available recently. One type of service is managed detection and response (MDR), which provides cybersecurity professionals who will be responsible for monitoring networks, analyzing incidents, and responding to attacks.
Trend Micro™ Managed XDR is one such service that offers a wider scope of visibility and expert security analytics by integrating detection and response functions across networks, endpoints, emails, servers, and cloud workloads. Using advanced analytics and artificial intelligence (AI) techniques, the MDR team monitors the organization’s IT infrastructure 24/7 to correlate and prioritize alerts according to its level of severity. Organizations can have access to experienced cybersecurity professionals who can expertly perform a root cause analysis to get an understanding of how attacks are initiated, how far they spread in the network, and what remediation steps need to be taken.