One of the most sacred responsibilities of all cybersecurity professionals is protecting information. Corporate financials, client information, sales records, and product designs are all critical to an organization’s success. Every firewall, IDS, MFA deployment, and email security control is built to protect that information and stop cyber attacks.
Cybercriminals are always looking for new ways to steal from companies and individuals. Given this fact, businesses should note the growing number of security issues and cyber threats.
However, do most cybersecurity attacks happen the way they are portrayed?
Hackers will use data distortion when attacking businesses. For example, if criminals hack into your company’s cloud, they may upload fake documents that tell employees to transfer money from their accounts into the criminals’ accounts or to compromise their security even more.
A company’s loss of control over its business practices may lead to various risks, which cybercriminals quickly exploit. More and more businesses are using artificial intelligence (AI) to improve efficiency. However, deploying unproven AI could result in unexpected outcomes, including a higher risk of cybercrime.
Years ago, I called on several K-12 school districts as a sales engineer. My focus was on cybersecurity and data protection. I used to spend hours meeting with school officials to discuss how to protect their data. Many laughed off the idea of protecting student data. “We have other problems, and no budget” became the common theme. I also learned many of the school superintendents often discuss actual security breaches among themselves. Most would encourage their peers to “deny everything.”
Being a parent of two wonderful kids and a cybersecurity professional, I became sickened by this attitude.
Thankfully, FERPA was passed. The Family Educational Rights and Privacy Act (FERPA) is a federal law that affords parents the right to have access to their children’s education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information.
While enforcement of FERPA is left to the Department of Education, there is some sense of data accountability and disclosure of events.
With the hack in Shanghai showing how easy it may be to steal over a billion records, did the cybersecurity operations fail? Well, that depends on who you believe.
The hacker who claimed the data exfiltration demanded $200,000.00 in bitcoin, or else the group would release the names and addresses of over a billion citizens in China. Distortion or reality? Cybersecurity professionals have been facing this challenge for years.
Growing attack vectors — Real or False Flag?
Ransomware, attacks on management consoles, and whale phishing continue to spread across new attack surfaces in organizations. Even with advanced AI and ML, data exfiltration, account takeovers, and denial-of-service attacks will continue to have an impact. What critical steps can SecOps, NetOps, and DevOps, along with business continuity, take to communicate?
- In the case of ransomware, should the organization pay the ransom?
- Should the organization release a statement to the public confirming the event in the timeline required by law?
- Should the organization deny the event publicly as a possible distortion campaign?
- Will cyber insurance continue to be an option that organizations can rely on?
Ultimately, having a communications plan designed to reduce the distortion of information is critical. Sending the correct message to employees, partners, and shareholders helps reduce the added self-inflicted drama while keeping the parties informed with the truth.
Some organizations demonstrate greater responsibility for managing a cyber event. Others hide in the shadows, hoping no one will find out. We live in a connected world; everyone knows more than we realize.
Disclosing an event early helps get ahead of the distortion. Hackers and cybercriminals can distort the facts of the hack while the actual damage may have been minimal.
What can organizations do?
- Invest in security monitoring, response, and proactive controls.
- Collect your data.
- Classify your data and set retention.
- Leverage the MITRE ATT&CK Framework as a threat hunting tool — Know where and how the attacks happen.
- Leverage the Lockheed Martin Kill Chain process — Know how the attack occurred (if it did happen).
Knowing what happened, how it happened, and if it did happen is the best way to fight the distortion attack from hackers.
Until next week,