01-12-2021, 06:14 AM
Boats
If FireEye And The U.S. Government Can Be Hacked, What About Me?

By: David Lam - Forbes Councils Member - Forbes News - 01-12-21
Re: https://www.forbes.com/sites/forbest...h=7d4f86524ec4

Partner and Chief Information Security Officer at Miller Kaplan, overseeing Information Security for both clients and the firm.

On December 8, premier information security company FireEye released in a blog post that it had been hacked. Company CEO and industry legend Kevin Mandia wrote, “Based on my 25 years in cybersecurity and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities. This attack is different from the tens of thousands of incidents we have responded to throughout the years.”

Several days later, the U.S. government reported that many federal agencies were also breached as a result of a major attack on IT software provider SolarWinds. SolarWinds provides software to hundreds of thousands of businesses and organizations.

So, how can small or medium-size businesses possibly stay secure? First, it’s likely that your SMB is not going to capture the attention of a nation-state. Nation-states have resources well beyond the typical hacker or hacking group. It’s important to note that practicing information security is not about being 100% secure; it’s about protecting yourself at a commercially reasonable level. It’s also about doing the right thing and accepting that you may not be able to do everything you might want to.

Remembering that you are most likely to fall prey to a common-variety attack, this is a good time to review seven things that you should be doing to protect your organization:

1. You must have information security policies and standards that dictate the level to which you will manage your information security. If you are a smaller company, this likely means bringing in outside experts to help you get these policies and standards in place. If you are a larger company, it means making sure that your team has done the right thing to create standards in accordance with international frameworks like the NIST Cybersecurity Framework or ISO 27001 and 27002.

2. If you can, get cybersecurity insurance. The cybersecurity insurance marketplace is still evolving, and some of my clients have said that it’s been more difficult and more expensive to get such insurance. I’ve also heard of significant carveouts in these insurance policies, so buyer beware. Still, if you have a breach, it can be a lifesaver, from both financial and resource perspectives, to have the means to respond to that breach, protect your clients and safeguard your organization.

3. Once you have your program in place, you need to pay attention to the basics. Most organizations will be hacked by a phishing attack or by a drive-by attack (from simply browsing the web) where one of your users clicks on a link or opens a document with a malicious payload. Once the bait is taken, the malicious remote user takes over that computer with administrative privileges. The No. 1 way this happens is when patches are not applied. While many companies think turning on automatic patching is sufficient, our experience has been that those organizations that are not using an industry-standard vulnerability scanner are missing critical patches, sometimes going back a decade or more. Hackers take advantage of these old exploits to easily take over your machines and systems.

4. Remember that your key assets are your people, and they must be continually trained. Recent experiences have shown me that while online training is an excellent part of an overall training regimen, there is absolutely no substitution for small, intimate focus groups discussing the importance of information security. Keeping these groups to 10-13 people and conducting highly interactive sessions leads to increased information security awareness and a better ability to detect attacks.

5. As part of your training program, ensure that your users know to report suspicious events. Early indicators of events can limit the scope of a breach and reduce the damage that’s been done. Also, remember that a user who reports a potential phishing attack in the first few minutes can limit the exposure.

6. Conduct vendor risk management due diligence so that you know that the vendors you are retaining are doing the right thing with regard to information security. Clearly, FireEye is a world-class information security vendor that has gone out of its way to release information to protect the public. However, many vendors do not have even minimal commercially reasonable information security practices in place, such as those policies and standards we mentioned in tip No. 1. Most critically, if you are using that vendor, especially if they service your IT needs, you are placing your company at significant risk.

7. Ensure that IT or your IT vendor is applying appropriate, commercially reasonable tools to manage your network. For example, FireEye had some tools stolen that can be used to attack anyone’s network. As part of its commitment to the community, FireEye has released signatures to detect the use of these tools. If you already have an intrusion detection system (IDS), that company has likely uploaded the signatures that FireEye released to detect these attacks. Having these systems, which are typically reasonably priced, can make a big difference in your information security posture.

Remember that information security is not reliant on just one layer. It’s important to have multiple layers of protection, known as defense in depth, to protect your systems. That’s why selecting the best tools you can afford, from both a time and money perspective, is an important step in the protection of your organization.

Information security is not a destination — it’s a journey. So you can take one step at a time to become more secure and protect your organization. These FireEye and federal government hacking incidents remind us that doing the right thing is important, which means protecting our data for clients, stakeholders, employees and ourselves. They also remind us that no matter how advanced our information security practices, we’re all on a journey to be reasonably secure.

About this writer: For more than 30 years, David has been managing information for small and medium businesses including custom software development, systems management, and information security. As a former Chief Information Officer (CIO) and Chief Information Security Officer (CISO), David brings a holistic, highly integrated, and deeply disciplined view of technology management to his work. He provides his clients with information security management support while helping them achieve optimal usage of their technologies.

David’s experience extends to information technology, information security, and physical security. He honed his craft at a nonprofit, in the corporate realm, at a university, and as a consultant. He is a Certified Six Sigma Black Belt from ASQ and has also achieved ITIL Foundations, CNE, MCSE, CCNA, CCDA and Network+ certifications. David excels at bringing these disparate disciplines together into a coherent and efficient practice for his clients.

An award-winning CIO and lead of the firm’s Information Security group, David has written many articles on information security management, as well as co-authored a book about how to better communicate effectively. He has taught multiple college extension classes and presented at numerous conferences on technology, information security and physical security, as well.

Outside of work, he runs the Los Angeles CISO forum which works together to improve the craft of information security.
__________________
Boats

O Almighty Lord God, who neither slumberest nor sleepest; Protect and assist, we beseech thee, all those who at home or abroad, by land, by sea, or in the air, are serving this country, that they, being armed with thy defence, may be preserved evermore in all perils; and being filled with wisdom and girded with strength, may do their duty to thy honour and glory; through Jesus Christ our Lord. Amen.

"IN GOD WE TRUST"