{"id":43447,"date":"2020-03-18T00:00:00","date_gmt":"2020-03-18T00:00:00","guid":{"rendered":"https:\/\/www.trendmicro.com\/en_us\/ciso\/20\/c\/top-three-tactics-for-cisos-facing-targeted-attacks.html"},"modified":"2020-03-18T00:00:00","modified_gmt":"2020-03-18T00:00:00","slug":"top-three-tactics-for-cisos-facing-targeted-attacks","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/top-three-tactics-for-cisos-facing-targeted-attacks\/","title":{"rendered":"Top Three Tactics for CISOs Facing Targeted Attacks"},"content":{"rendered":"

<\/p>\n

<\/div>\n

With targeted attacks showing no signs of slowing down, you need to ensure your organization is not only implementing the right security, but also following best practices, like network segmentation, analyzing network logs, and knowing when it is time to outsource incident response. Check out our recommendations for securing your network from targeted attacks and minimizing risk today, and in the future.<\/b><\/p>\n

Securing the network from targeted attacks<\/b><\/p>\n

Targeted attacks remain a serious risk to organizations, despite the continued advancement of security technologies. Many organizations still fall prey to targeted attacks because of the growing sophistication of tactics and tools cybercriminals use to stealthily breach the network.<\/p>\n

In fact, a 2019 study conducted by Accenture and the Ponemon Institute shows that the average cost of cybercrime for each company\u2014where sophisticated attacks are at play\u2014has increased from US$11.7 million in 2017 to US$13.0 million in 2018.<\/p>\n

Fortunately, you can still boost your defense strategy by complementing your cybersecurity solutions with best practices that can prevent targeted attacks and their devastating consequences. The following are three security recommendations that can protect your network from targeted attacks:<\/p>\n

1. Implement Network Segmentation<\/b><\/p>\n

When it comes to network infrastructure, a word that typically comes to mind is complexity, as it involves layers of users, workstations, servers, and connected devices. Complex networks pose challenges to security in terms of visibility and access management. To gain greater visibility, experts recommend breaking down individual components into ordered segments, which can be by department, location, or security level.<\/p>\n

Network segmentation also prevents your employees from accessing parts of the network\u2014and thereby digital assets\u2014that should be restricted to them. This way, in the event of an attack, hackers and even insider threats can be prevented from accessing every part of your network\u2014ultimately lowering your risk.<\/p>\n

An important part of the network segmentation process is identifying critical assets that could cause your organization major damage if compromised. You need to determine which of your critical assets are most vulnerable to attacks and assign an appropriate level of security.<\/p>\n

2.  Analyze Your Network Logs\u2014A Lot of Them<\/b><\/p>\n

The collection and analysis of logs can help your organization detect targeted attacks and provide valuable information about the attackers. For example, with log analysis, you can better understand how attackers made their way into the network and their strategy (data exfiltration, corporate damage, etc.).<\/p>\n

Logs can provide insights into your network\u2019s general activity. By scanning for suspicious network activity, your security team can be more proactive when a suspected targeted attack is underway, and hopefully stop it before causing too much damage.<\/p>\n

It is important to note that the use of logs can only be maximized by analyzing a large amount of them. Log analysis doesn\u2019t only provide new threat intelligence; it also allows for the discovery of significant events in the network. Without an abundance of logs to analyze, a security professional can\u2019t tell the whole story.<\/p>\n

3.  Establish a Cybersecurity Incident Response Team<\/b><\/p>\n

In a perfect world, an organization would have an incident response team composed of cross-functional members from different departments who can deal with multiple concerns in the event of a targeted attack. The cybersecurity incident response team, in particular, should be separate from the regular IT team, and should be trained to address sophisticated attacks.<\/p>\n

However, an in-house incident response team is becoming more difficult to assemble because of the widening cybersecurity skills gap. While some in-house IT staff members and security professionals are trained to manage and control the network, they may have minimal experience when it comes to targeted attacks. In addition, the lack of cybersecurity workers can overwhelm organizations\u2014too many alerts, not enough staff.<\/p>\n

Your best course of action to address this challenge is leveraging a third-party incident response team to help with your security needs. One type of service is managed detection and response (MDR), which gives organizations access to experienced cybersecurity professionals who can expertly perform a root cause analysis to get an understanding of:<\/p>\n