One of the biggest mistakes made these days by many organizations is that when they’re attacked by cybercriminals, they only focus their efforts on mitigating the current threat, instead of trying to prevent such incidents from occurring in the future.Experts from managed security solutions provider Solutionary have published an interesting advisory detailing the steps that need to be taken for proactive threat mitigation.
The first thing an organization must do is identify the attack, particularly the attack vector and what actions have been taken as part of the attack. For instance, the attack vectors could be remote, local or even social engineering.
The attackers could have installed malware, or they might have stolen sensitive information from the company’s servers.
Secondly, targeted businesses must immediately establish what the attacker is after. Is it emails, passwords, banking information, databases, or proprietary information?
Finally, they must try to obtain as much information as they can on the attacker. Questions such as “Is this a one-off, single instance, attack?,” “Is this going to be an ongoing recurring attack?” and “Why are they attacking us specifically?” must be answered.
“After identifying what is being targeted, you can begin the process of setting up an improved defense. Don't just fix the problem at hand and move on, be proactive,” explains Jacob Faires, research analyst at Solutionary’s Security Engineering Research Team (SERT).
“Actually responding to the incident at hand is only the first step. The part people often omit is using that incident as an opportunity to help recognize weaknesses, and then implementing fixes and improving security. Take advantage of the situation to help maintain a more secure network and mitigate actual risk,” Faires added.