Connect with us

Expert Speak

“By the Time You’ve Been Compromised, It’s Already Too Late”



Written by Rawad Sarieddine, Vice President – Middle East, Turkey & Africa, CrowdStrike

Organisations attempting to protect their data currently face an unprecedented threat level. According to the World Economic Forum’s Global Risks Report 2021 respondents ranked Cybersecurity failure among the top five ‘clear and present dangers’ that the world will face in the next two years. Even the largest and best-equipped of international organisations have shown they’re susceptible to attack from persistent, skilled adversaries. Much like insuring your home against flooding, you need to protect your digital data.

The tough reality for many organisations is that by the time they have been compromised, it’s already too late. To detect these threats, cybersecurity teams have traditionally relied on Indicators of Compromise (IoCs) which work by detecting signatures, exploits, vulnerabilities and IP addresses to help determine whether a security incident has occurred. This has meant that rather than preventing a breach, security teams have remained focussed on investigating what has already happened. However, in recent years, next-generation security solutions have emerged, allowing security teams to go beyond this to really understand the intent of what an attacker is trying to accomplish – and hence, how better to thwart this.

What Are Indicators of Attack (IoAs)?
IoAs allow security teams to develop a more proactive approach to investigations by helping them quickly identify and understand common actions that an adversary must conduct to succeed. These include code execution, persistence, stealth activity, command control and lateral movement within a network. The key advantage of IoAs is that they allow security teams to stop adversaries in their tracks before they’re able to compromise an organisation’s defences, if they are spotted and acted on. 

For example, a spearfishing campaign, which is designed to probe a system’s defences, could act as a precursor to a cyber attack. This typically kicks off with an email that seeks to persuade a target to open a file that will infect their machine. Once compromised, the attacker will silently execute another process, hide in memory or on disk, and maintain persistence across reboots of the system. Security teams proactively monitoring for IoAs will be able to detect the execution of any of these steps and identify an adversary through inferring what these actions are trying to achieve. This means that security teams are more likely to discover bad actors before they’re able to compromise a network.

A Real-World Analogy
Let’s put things into context. In many ways, a data breach could be compared to a bank robbery. The attacker needs to overcome the defender’s security systems and successfully exfiltrate their objective – whether that be sensitive data or bars of gold. When a bank is robbed, authorities typically arrive after the crime has taken place and can begin collecting evidence. They may find evidence on the security cameras; the thief drove a red convertible, wore a baseball cap and used liquid nitrogen to break into the vault.

These points of evidence are only discovered after the fact, much like IoCs – they show that there was an attack, but the money is already gone. This same evidence could be used to eventually find the thief but only if they don’t change their methods. If the next time the perpetrator uses a blue hatchback, wears a bucket hat, and uses a drill to break into the vault, he might be successful for a second time. This is because the security team won’t be prepared to look for these new points of evidence. 

However, if the bank was set up to monitor for IoAs, they might be able to prevent a robbery entirely. Just as a data breach is frequently preceded by a phishing attack, a bank robber might ‘case’ the bank before the heist. Like a phishing campaign, this process involves steps that a proactive security team could detect. If the thief attempts to disable the system, move towards the vault or attempts to crack it, the security team can infer he is trying to rob them. Using this information, the security team can then stop the attempt before the perpetrator can steal anything at all. 

IoAs in Practice
During a cyber attack, these points of evidence may be less obvious than in a bank, but the same principles apply. If a security team can spot IoCs such as an MD5 hash, a C2 domain or a hard-coded IP address, they might be able to use these indicators to prevent future attacks. However, given that IoCs aren’t a constant variable, security teams could be left on the back foot as they struggle to keep up with the evolving threat landscape. 

On the other hand, IoAs allow security teams to monitor for suspicious behaviours, helping them to quickly adapt and take action to prevent a breach. By focusing on the tactics, techniques and procedures of attackers, security teams can determine who the adversary is, what they are trying to access and why, while providing a proactive approach to confronting advanced threats.

Expert Speak

Hidden Champions: Behind These Popular Applications Are Hard Drives



Written by Rainer W. Kaese, Senior Manager of Business Development Storage Products at Toshiba Electronics Europe

Continue Reading

Expert Speak

How to Secure MSP Success Brick by Brick



Written by Roman Cuprik, content writer at ESET (more…)

Continue Reading

Cyber Security

Is Consent the Gateway to Ethical Data Usage Practices?



Every tech company under the sun is grappling with data privacy and protection policies and laws. However, consent is crucial when it comes to data collection and processing. Having the user’s consent to use their data is imperative. While securing the data after collection is also important, using customer data without their consent causes more serious issues. Without obtaining consent from the user, any data that you use for your business falls under the unlawful use of data regulations.

Users of the well-known platform Glassdoor, which allows individuals to anonymously review their employers, allege that the site collected and linked their names to their profiles without their permission. Glassdoor users have expressed alarm, and the issue has been widely featured on social media and news-sharing sites. They fear that their anonymity could be compromised if data about them is collected and added to their profiles.

The issue here boils down to a single word: consent.

The gray area of obtaining consent
Organizations can knowingly or unknowingly exploit users’ personal data without proper knowledge of data privacy. It is not enough just to get consent from users; explicit consent is required. This includes ensuring the user selects checkboxes during the signup process, enters their email address, authorizes receiving marketing emails and newsletters, and grants the app permission to track user data in specific situations.

But when it comes to verbal consent, there is ambiguity. The GDPR accepts verbal consent but requires written or recorded proof of the consent given. The GDPR states that, “when requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.” Therefore, it is better to record or have written proof of verbal consent; one must not assume or misunderstand that verbal consent only includes oral consent.

Often, there is less visibility of data usage for customers. More often than not, customers do not know what they are giving consent for or how their data will be used. Let’s take the case of location data sharing.

Location data can show if someone visited an abortion clinic or a cancer treatment center. People usually want to keep this type of information private and not share it with companies or third parties. When consent is given without knowing what it is for, the act of giving or obtaining consent becomes meaningless.

Why consent is important in ethical data practices
Although you are legally required to obtain the user’s consent to process their data, there is also such a thing as the ethical use of data. When you take measures to protect your customers’ data beyond what the law requires, it promotes trust among your customers.

People value privacy and appreciate brands that prioritize data privacy. Let’s say a consumer is given the option to choose between two brands: one with no privacy features and another that advocates for privacy with built-in privacy features. Which do you think the customer will choose? Obviously, the latter.

Understanding a company’s data privacy policy is crucial to 85% of consumers—even before they make a purchase, a global study determined. Equally as important, 40% of individuals have changed brands after discovering that a company failed to protect customer data adequately, according to the McKinsey Global Survey on Digital Trust.

This is why tech companies go out of their way to demonstrate the privacy features they offer and how user consent is prioritized in these features.

In a way, customers prioritizing consent compels companies to integrate ethical data privacy policies into their systems. But it’s time companies realize that consent is the backbone of data privacy regulations and take customer consent seriously, not just to avoid hefty fines, but to also value the customer’s choice and their right to privacy.

A final word
Organizations worldwide are facing issues with data privacy. What is important when trying to protect your customers’ data is to realize the role customer consent plays. This helps organizations develop features and draft policies with the customer’s consent in mind and to effectively communicate to the customers why they are seeking consent. Without this step, data privacy becomes compromised. So, both organizations and customers need to grasp why consent matters and advocate for the ethical processing of data.

ManageEngine is a division of Zoho Corporation that provides comprehensive on-premises and cloud-native IT and security operations management solutions for global organizations and managed service providers. ManageEngine strongly believes in privacy by design and continuously advocates for user privacy. Established and emerging enterprises—including nine of every 10 Fortune 100 organizations—rely on ManageEngine’s real-time IT management tools to ensure the optimal performance of their IT infrastructure. Learn more about ManageEngine’s comprehensive suite of IT management solutions here.

Continue Reading

Follow Us


Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.