Cybersecurity compliance is an increasingly important topic. Last week, the SEC brought charges against 32 individuals accused of insider trading; as Kristin Bartlett, M. Todd Scott, and Daniel Dunne of Orrick noted, the Commission “alleges that the hackers and traders made more than $100 million in illicit profits by hacking into embargoed non-public company information on the newswire services’ systems and trading on that information before it was publicly released.”
This is a continuation of the SEC’s increased emphasis this year on preventing cybercrime, and underscores the importance of both strong assessment and strategic response capabilities for organizations subject to SEC oversight. Today, we look at three specific areas for implementing those recommendations, even with modest infosec resources at your disposal.
Implement Early Assessment Capabilities
According to the Center for Strategic and International Studies, cyberattacks are on track to cost 20% of the total economic value created by the Internet, primarily via fraud and espionage.
The cost of a data breach is a well-known industry statistic, and many security vendors cite the Ponemon Institute’s annual report for an estimate of the damages an organization faces if it fails to secure itself against a compromise. (For 2015, the average breach costs an organization $3.79 million.)
Accordingly, it’s important to prevent breaches as early as possible. Spear phishing is the primary vector for 93% of all attacks; organizations bound by SOX, HIPAA, FedRAMP, PCI-DSS, or any of a number of other regulatory requirements cannot afford to be without a robust, automated, and accurate spear phishing detection and prevention program.
Harden Against Privilege Escalation Attacks
The “prize” for most hackers engaged in spear phishing is a set of credentials — typically stolen via malware embedded in a document file or through a malicious link. Once stolen, those credentials are used to move laterally within a network and gain illicit access to sensitive data.
As with the pending SEC case from last week, Forbes notes that “key assets for organizations…usually include financial assets held in digital form (e.g., money or stocks), customer data, trading data and business strategy information (e.g., trading algorithms or strategic business plans).”
Security executives can defend against this kind of attack by extending their assessment tools beyond simple spear phishing detection. Credential theft shows up as abnormal access patterns: logins at unusual times or from unusual locations, repeated access attempts, clusters of failures, and so on.
The sheer volume of authentication data makes this very difficult to parse manually, but technologies exist that can identify these abnormalities automatically and either alert security teams to their presence or take automatic action to remediate them in real time.
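The kind of rule a team can start with, as an added example that is not part of the original post: a small Python script learns each user's usual login hours and countries from known-good history, then flags a later login that follows a burst of failures, falls outside those hours, or comes from a new country. The log format, sample entries, and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime
# Constructed sample logs (not from the original post): timestamp user result country
BASELINE_LOG = """\
2015-08-17T09:12:01 alice success US
2015-08-17T09:40:22 bob success US
"""
NEW_LOG = """\
2015-08-18T09:03:55 alice success US
2015-08-18T02:47:10 bob failure RU
2015-08-18T02:47:14 bob failure RU
2015-08-18T02:47:19 bob failure RU
2015-08-18T02:47:40 bob success RU
"""
FAIL_THRESHOLD = 3    # failures within FAIL_WINDOW_SEC that make a later success suspicious
FAIL_WINDOW_SEC = 300

def parse_log(text):
    events = []
    for line in text.splitlines():
        ts, user, result, country = line.split()
        events.append((datetime.fromisoformat(ts), user, result, country))
    return events
def build_baseline(events):
    # Per-user hours of day and countries seen in known-good successful logins.
    hours, countries = defaultdict(set), defaultdict(set)
    for ts, user, result, country in events:
        if result == "success":
            hours[user].add(ts.hour)
            countries[user].add(country)
    return hours, countries
def detect_anomalies(baseline_events, new_events):
    # Returns (user, rule, timestamp) alerts for logins that deviate from the baseline.
    hours, countries = build_baseline(baseline_events)
    failures = defaultdict(list)   # (user, country) -> timestamps of recent failures
    alerts = []
    for ts, user, result, country in sorted(new_events):
        key = (user, country)
        if result == "failure":
            failures[key].append(ts)
            continue
        # A success preceded by a burst of failures from the same place looks like guessing.
        recent = [f for f in failures.pop(key, []) if (ts - f).total_seconds() <= FAIL_WINDOW_SEC]
        if len(recent) >= FAIL_THRESHOLD:
            alerts.append((user, "failures_then_success", ts.isoformat()))
        if user in hours and ts.hour not in hours[user]:
            alerts.append((user, "unusual_hour", ts.isoformat()))
        if user in countries and country not in countries[user]:
            alerts.append((user, "new_location", ts.isoformat()))
    return alerts
```

Alice's morning login from her usual country produces nothing, while Bob's 02:47 success from a new country after three rapid failures raises all three rules; in practice the baseline would be learned from weeks of history rather than a single day.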
Ensure Robust Audit Tools Are in Place
Finally, any security strategy that can detect spear phishing and credential theft must be supplemented by strong, real-time, and comprehensive audit tools. Being able to demonstrate that your organization meets the specific requirements of the regulations it is subject to both reduces the manual work required to remain compliant and makes it significantly easier to show that appropriate measures were in place, avoiding charges of negligence should a breach ever occur.
If you’re responsible for protecting your organization from highly targeted and motivated hackers, we’ve got you covered. Check out our free eBook, The CISO’s Guide to Spear Phishing Prevention, for insight, guidance, and a framework for ensuring that your company isn’t the next high-profile data breach on the evening news.