You have to know what’s on your network. It’s very hard to defend against something you don’t know exists. I think a lot of security people get and understand that they have a responsibility and are accountable for protecting information, whether it is public or corporate. The challenge is locating that data, after which you have to take it one step further and determine which people have access to it. It comes down to auditing what people do with their access to critical data and making sure secrets are where they are suppose to be and not on people’s thumb drives. This also includes setting up policies that prohibit employees from creating databases with sensitive information on their computer and taking a proactive approach.
What are some of the dangers of failing to take a proactive approach to cyber security?
Obviously, if you’re in a regulated industry you are required to. Failure to properly handle breaches of a security network could cost you your job or the company could suffer sanctions. It could also end up hurting you on the trading floor. The other, bigger thereat is your corporate secrets end up in the hands of your competition and you lose your competitive advantage. Corporate espionage is happening quite a bit.
What can be done to ward off potential sleeper attacks from malicious software that may already be in an organization’s network?
We need to look at our boxes digitally. The bottom line is when you establish as a company that these are the applications we use; you need to create a digital profile or digital baseline. At any point in future, you can run a comparison against what’s different from baseline. The key to catching sleeper code is being able to recognize it.
What should an organization do after a breach has been detected in the system?
In a regulated industry, you should get your general counsel; advise them that you’ve had this incident and start going through the process two fold. You have a duty to inform while simultaneously you also have your security team going down a road (to determine where the breach originated).What you really have to keep in mind is evidence sterility. You need to make sure that the steps your security staff are taking fall under industry best practices and that your experts can stand up to scrutiny and cross examination. More companies are developing computer forensics teams to handle these types of situations.