Following the investigation into the attempted hack into the Garda Síochána (Irish Police) computer system, Jonathan reminds organisations of the importance of having early warnings in place and sharing intelligence to ensure we’re one step ahead of attackers.
Jonathan Martin, Anomali EMEA Operations Director at Anomali:
“The old adage of “Fail to Prepare” has never been more relevant to organisations today – the volume and complexity of attacks is changing at such a rate that it is increasingly difficult for security teams to keep up with the fast changing world of hackers and the threats they pose. The information needed to understand the severity of Actors, TTPs, Campaigns etc., is usually spread far and wide across the internet and often restricted viewing from within a corporate network.
That’s why it is crucial to work with specialist companies who assimilate this information (both human-readable and machine-readable) into one easy-to-consume resource, enabling analysts to quickly and easily assess a threat and decide how relevant it is to their company. Practice really does make perfect – attacks nowadays can be over extremely quickly, so having highly trained security teams ready to go, with the necessary knowledge and the right tools to make the right decisions under stressful situations means that the impact of the attack can be greatly reduced. Understanding the tips and techniques used by the attackers and pulling in threat intelligence from as many sources as possible ensures that the vulnerability or exposure of a company can be reduced down from many months to just minutes and hours.
Too often I come across under-staffed, over-worked security teams who spend far too long doing the (very necessary) simple, basic things and yet never step back to look at the bigger picture of what’s going on at a macro level.
We all know that the bad guys share Intelligence on how to break into a network all the time – we (as good guys) need to start doing the same, to share Intelligence between ourselves in real time about who the attackers are, where they live, what techniques they typically use.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.