The brutal reality is that no enterprise – regardless of size or industry – is immune from attacks on their information and systems. Yet many organizations are still leaving themselves open to onslaughts, which can cause untold damage both financially and to their reputation.
Worse still, even those who have shored up their defenses to the maximum are getting hit. Why? Because the very nature of what constitutes an attack has changed. In spite of every effort being taken to prevent breaches, today’s highly sophisticated adversaries can eventually find a way around the most rigorous defenses. The well-aired axiom of ‘when, not if’ has become the starting point for any organization that is serious about its approach to information security.
The scale of the problem is clearly identified in Symantec’s 2015 Internet Security Threat Report (ISTR). In 2014, Symantec observed advanced attackers:
- Deploying legitimate software onto compromised computers to continue their attacks without risking discovery by anti-malware tools
- Leveraging a company’s management tools to move stolen IP around the corporate network
- Using commonly available crime ware tools to disguise themselves and their true intention, if discovered
- Building custom attack software inside their victim’s network, on the victim’s own servers
- Using stolen email accounts from one corporate victim to spear-phish their next corporate victim
- Hiding inside software vendors’ updates – in essence, ‘Trojanizing’ updates to trick targeted companies into infecting themselves
Given the stealth of activity, it is not uncommon that Symantec’s Incident Response teams when investigating a known breach often discover additional incidents in progress.
At Symantec, we believe that while compromise may be inevitable, data breach does not have to be and we help organizations prepare, and respond quickly to incidents, by following forensically sound procedures to collect, preserve and analyze evidence. By working closely with enterprises, focusing on the proper aspects of people, process and technology, Symantec’s goal is to ensure that companies can effectively prepare for incidents and avoid many of their negative impacts.
How do we achieve this? Our Managed Security Services, DeepSight Intelligence, Cyber Skills Development, Incident Response (IR) and Security Technology and Response teams combine to provide rich analysis of incidents, to deliver a clear understanding of the depth and breadth of any particular incident, so the root cause and nature of the incident is identified quickly – and then eradicated.
Most importantly, Symantec assesses and trains an organization’s team, helping to maximize resources and add new skills expertise. We also ensure that all of the essential IR tools are firmly in place to properly detect, analyze, contain and eradicate threats as they surface.
To protect your organization’s reputation and information, it is critical to develop an incident response program “with clearly delineated roles and responsibilities for quickly discovering an attack, effectively containing the damage, eradicating the attacker’s presence, and restoring the integrity of the network and systems”.
CYBER INSURANCE & IR
An important factor that can get overlooked is the role that IR plays when it comes to qualifying for cyber insurance. Insurance companies are looking for a risk response strategy that not only covers the breach itself, but also advances preparation for such a breach. Insurers are turning increasingly to companies like Symantec to help them with the underwriting and IR, as this helps insurers mitigate the cost by having a qualified group of individuals participating. In fact, a risk response strategy is becoming increasingly important, as we are seeing more and more insurance push backs involving companies that prove to be unprepared for a cyber-attack.
Unsurprisingly, currently 52% of large organizations and 35% of small organizations take out insurance that would cover them in the event of a breach. However, that means far too many would still be left heavily exposed, were a breach to occur. Organizations should be mindful of the ‘when, not if’ maxim and take those key steps recommended to keep their businesses well protected – in every sense of the word.
To help organizations gain a better understanding of cyber insurance, Symantec recently teamed with a group of security experts to deliver a whitepaper that addresses how organizations can get the most from cyber insurance.
At Symantec, we leverage the talent of our people, empowered with innovative technologies and tested processes to provide customers with an integrated end-to-end approach to proactively address their security needs and improve their overall cyber security resiliency.