Your data security is paramount in the cyber security war. You must have plans in place to ensure its integrity, but what good are plans if they’re never tested?
In this blog, we’ll look at the basis for testing and explore four specific use cases to include in your testing processes.
In today’s world, we have to constantly evaluate our technology in preparation for a potential disaster or a cyber security event. Multiple use cases should be listed to test how applications, systems, devices, and interfaces will respond in the event of an outage or attack. In business continuity, emergency management, or disaster recovery planning tests, flaws in backup processes and failover actions are spotlighted when systems go offline and critical data is unavailable.
But technology is only half of the picture—we must also constantly test our people. For example, how would your IT or security team respond to a ransomware outbreak, or to a strategic DDoS attack? The reality is that a lack of security team readiness is often more of a problem than the technology. Conducting tests with our teams can improve incident response plans by:
- Clearly identifying roles and responsibilities
- Clarifying decision-making responsibilities
- Ensuring a strong understanding of protocols and requirements, and
- Building the capacity to successfully respond to and recover from a significant cyber event.
Now let’s look at use cases, the scenarios we build our testing around. The following four use cases are only a sample; each organization should define its own list according to its resources:
- Unauthorized Computers and Devices on Network – Computers and devices that haven’t gone through proper verification processes before joining your corporate network are ideal targets for attackers. Can your response teams not only identify attempts to connect to your network but also block them? Have you tested how quickly they can do this?
- Password and Other Suspicious Requests – Cybercriminals can pose as employees, contractors or third-party vendors to bait employees into divulging sensitive passwords and other access controls. Your security personnel should be trained on how to respond. You can test your incident response teams and employees by running exercises to simulate password requests from familiar sources such as the help desk or even executives, whom cybercriminals often pose as.
- Malicious Attachments – It is just as important for your security team to know when malicious attachments make their way onto the network as it is to avoid opening them. If malicious attachments make it through your filters and into your employees’ inboxes, you need a plan in place—one that has been practiced—to be able to respond quickly and limit the damage.
- Phishing Emails – Phishing emails, and business email compromise (BEC) overall, have become more frequent, especially as ransomware attacks have been on the rise.
According to a study conducted by Malwarebytes, 47% of U.S. companies experienced a ransomware attack in the last year.
And where did those attacks originate? According to the same study, 50% of ransomware attacks resulted from someone clicking on a malicious link in emails.
Educating employees to practice due diligence is the first step. Many companies are also conducting faux phishing exercises and finding them to be a valuable teaching tool.
Practicing these use cases on a regular basis can help your team identify weaknesses and be better prepared before you’re in the midst of a crisis, saving you time and money and giving you peace of mind.
Keep in mind that if you need any further guidance in these areas, Aptris has the expertise to assist. We can help in creating a full security practice or enhancing what you currently have.
Always remember, data security is the objective. HAPPY TESTING!
Contributor: Diego Jimenez, Aptris Senior Solutions Consultant – Advisory Services Group