Will hackers elect the next US President? Cyber attacks on US campaign committees prove the susceptibility of advanced institutions
RadarServices illustrates the most frequent errors made in IT security monitoring
Vienna, 4th of August 2016. IT security is achieved by using specialised software – at least that is the predominant image in the public mind. In large companies and public institutions, however, a great deal more is done every day to protect customer data, business secrets and internal communication from cyber attacks.
The Security Operations Center (SOC) takes centre stage, comparable to the control tower at an airport. Using state-of-the-art technology, experts continuously monitor and analyse the current IT security risk situation across the entire IT infrastructure of an organisation, and take immediate measures as soon as anomalies are detected.
The fact that cyber attackers are nevertheless successful at institutions such as the Democratic National Committee (DNC) or the Democratic Congressional Campaign Committee (DCCC) in the current US campaign shows that even detailed security monitoring obviously does not work perfectly at all times.
What are the most frequent problems? RadarServices, operator of Managed SOCs worldwide, has analysed them and provides advice on what companies should by all means consider when operating a SOC.
Problem No. 1: There is no SOC per se
Example: large hospitals. In 2016 several ransomware attacks occurred, especially in Germany, the USA and Canada. This extortion software paralysed the entire IT and the processes of whole organisations for days. Despite state-of-the-art medical technology, important IT security measures that could have rendered these attacks harmless from the outset appear to be missing.
Approximately 85% of all German companies with more than 1,000 employees currently do not have a SOC per se. “The setup of a SOC is a must for large organisations”, warns Harald Reisinger, Managing Director at RadarServices. “Damages amounting to millions and a damaged reputation are the consequences of cyber attacks if organisations do not have the technical tools and experts in place and therefore do not detect ongoing cyber attacks for weeks or months. In this case the attackers have enough time to trace the weakest link in the entire corporate network. They can, for example, upload malware to employees’ accounts or download large amounts of data”, according to Reisinger.
Problem No. 2: Installation of security software alone is not enough
IT risk detection requires a range of complex and cost-intensive systems, software and information sources. These include, for example, vulnerability scanners, Intrusion Detection Systems, a Security Information & Event Management (SIEM) system, sandboxing technologies, threat intelligence and reputation data, as well as correlation engines. Buying these products is not the end of the job, however. Experts have to continuously configure these systems and adapt them to current circumstances in order to detect attacks in time. The findings produced by the software are merely risk warnings. Experts have to analyse this information, assess how dangerous it is, analyse its consequences for IT and business processes, prioritise remediation, attach notes on remediation measures for the operational IT teams and, last but not least, carry out a final check on whether the events classified as “remedied” were actually dealt with.
“The SOC experts are not only decisive alarm transmitters in cyber attacks. Above all, they coordinate all the tasks of the operational IT teams when quick reactions to attacks are necessary in order to limit the potential losses. Thanks to these experts, the SOC is the control centre for effective IT risk management”, Reisinger explains.
Problem No. 3: Efficient processes are missing
The cyber attack on the US retail chain Target in 2013 illustrated the consequences of non-functioning processes very clearly: more than 100 million customer data records were stolen. According to reports, the company was informed in time about suspicious anomalies by its security services provider, but a timely reaction did not follow.
The most expensive software and a trained team of experts are useless if the processes are not established or not lived by. “In case of an acute attack, a smoothly functioning workflow within the SOC teams, as well as between the operational IT team and the SOC team, is of utmost importance. The responsible employees have to be in regular and personal exchange in order to work side by side in case of emergency”, Reisinger concludes.
Cyber attacks are a worldwide challenge, even for large organisations. The formula for success consists of three components: state-of-the-art tools, trained experts and established processes. Where all three are in place, even the large companies and institutions currently in the crosshairs are far better protected – and only the citizens will be the ones electing their president.