Can Organisations Turn Back Time after a Cyber-Attack?


In the aftermath of a cyber breach, the costs of disruption, downtime and recovery can soon escalate. As we have seen from recent high profile attacks, these costs can have a serious impact on an organisation’s bottom line. Last year, in the wake of the notPetya attack, Maersk, Reckitt Benckiser and FedEx all had to issue warnings that the attacks had cost each company hundreds of millions of dollars. Whilst the full extent is not yet known, it has underlined the financial impact that such breaches can have.   

The severity of a breach is often linked to the costs associated with responding and remediating the damage. However, there are ways for organisations to minimise one particularly costly part of the process: new approaches to post breach remediation mean that organisations can, in effect, roll back time to a ‘pre-breach’ state.

The costs of a breach

Cyber attacks can cripple a business and take days to clear up. For larger organisations that are affected by an incident, the cost of remediation could include damage to the brand’s reputation, legal costs, setting up response mechanisms to contact breach victims, and more. For smaller organisations, even though the costs of remediation might be smaller, they’ll take up a greater proportion of their operating revenue; from lost data to damaged or inoperable equipment, as well as the disruption to normal business. There is also the cost of any fines that are generated because of failures in compliance. In fact, Ponemon now puts the average cost of a breach at $3.62 million. 

This clean-up operation can represent a serious drain on an organisation’s time and resources. The process of repairing and recovering data from compromised IT assets is consistently reported as one of the most high-cost elements of the breach. Ransomware attacks, in particular, are likely to become more difficult to remediate, by targeting systems that are more difficult to backup, which means that the costs of cleaning-up after a breach are set to get worse. Paying the ransom is no guarantee that files will be recovered: in fact 20% of ransomware victims that paid never get their files back.    

Part of the challenge is that cyber attacks are getting smarter and stealthier, and stopping every cyber attack in its tracks, before it reaches the network and can inflict any damage, is unrealistic. What organisations should aim for is, in all cases, to identify the virus as quickly as possible, halt the executable, and isolate the infected endpoint from the network. During execution, malware often creates, modifies or deletes system files and registry settings, as well as making changes to configuration settings. These changes – or remnants left behind – can cause system malfunction or instability.  

For organisations that are dealing with hundreds of incidents every week, there can be a serious impact to the business from working to re-image or re-build systems, or reinstall files that have been affected. There’s not only the lost work to factor in, but also the downtime while systems are restored as employees are stymied if they can’t access the files and systems they need to.

There are approaches through which these costs can be minimised: a new generation of endpoint protection observes the malware’s behaviour in order to flag activities that are seen as abnormalities and steps in the line of execution to deflect it completely.  Moreover, this new generation of solutions has remediation capabilities to reverse any modifications made by malware.

This means that when files are modified or deleted, or where changes are made to configuration settings or systems, it can undo damage without teams having to re-image systems. This ability to automatically rollback compromised systems to their pre-attack state minimises any downtime and lost productivity.

Assessing the Impact

The work isn’t done yet: an often-overlooked aspect of post-event evaluation of what happened should focus on how to prevent a repetition of a similar incident. Clear visibility of the kill chain and the affected endpoints across an organisation, in a timely manner, is essential for security staff to quickly identify the scope of the problem. In order to assess the impact and potential risk, organisations need to have assurance afterwards to confirm if a particular threat was present on their estate – the ability to search for Indicators of Compromise (IoC) is vital. Real-time forensic data allows organisations to track threats or investigate post-attack to provide insights into exactly which vulnerability the attacker targeted, and how. These can pinpoint the parts of the system that were directly affected and also determine if any further remediation actions are required. 

With the costs of breaches escalating, it’s more important than ever to have the capability to learn from incidents to avoid history repeating itself. Even if it’s not possible to thwart every attack, a full security approach which includes prevention, detection, automatic mitigation and forensics will ensure that the impact of any incident is minimised and that normal operations can be resumed as quickly as possible.  

About the author: Patrice Puichaud is Senior Director for the EMEA region, at SentinelOne.

Copyright 2010 Respective Author at Infosec Island via Infosec Island Latest Articles "https://ift.tt/2IEZFSI"

Comments

Post a Comment

Popular posts from this blog

Evernote cuts staff as user growth stalls

Image
Note-taking app Evernote has fallen on hard times of late, culminating in its latest spate of job cuts impacting 15 percent of its workforce (54 employees). CEO Chris O' Neil -- an ex-Googler who took the reins in 2015 -- announced the firings at an all-hands meeting earlier today, reports TechCrunch . In a message on the Evernote blog , O' Neill admitted he'd set "incredibly aggressive goals" for the company in 2018. He continued: "Going forward, we are streamlining certain functions, like sales, so we can continue to speed up and scale others, like product development and engineering." The layoffs follow an exec exodus just weeks ago and the company's recent brand refresh (complete with a refined logo and wordmark). But critics are more concerned about its product, especially the free tier, which they claim lacks the perks to
Read more

The best air conditioner

Image
By Liam McCabe This post was done in partnership with Wirecutter . When readers choose to buy Wirecutter's independently chosen editorial picks, it may earn affiliate commissions that support its work. Read the full article here . After six summers of researching, testing, and recommending window air conditioners, we've learned that quiet and affordable ACs make most people the happiest—and we think the LG LW8016ER will fit the bill in most rooms. This 8,000 Btu unit cools as efficiently and effectively as any model with an equal Btu rating, and runs at a lower volume and deeper pitch than others at this price. Little extra features like a fresh-air vent, two-axis fan blades, and a removable drain plug help set it apart, too. The LG LW8016ER is a top choice for an office or den, and some people will find it quiet enough for a bedroom, too. If our main pic
Read more

We won't see a 'universal' vape oil cartridge anytime soon

Image
Pre-loaded cartridges of cannabis concentrate are currently among the most popular means of consumption, and for good reason. They're discreet to use and easy to handle, a far cry from the dark days of 2016 when we had to dribble hash oil or load wax into narrow-mouthed vape pens by hand. But, frustratingly, an ever increasing number of oil cartridge manufacturers employ one-off design standards so that their products won't work with those of their competitors, thereby locking customers into proprietary ecosystems. We've already seen this with nicotine vaporizers -- which has a seen a massive rise in "pod systems" in the last few years, each outfitted with a unique canister and battery built to be incompatible with those of their competition. Is it too late for the burgeoning cannabis industry to set a universal standard for their product designs?
Read more