How to build a secure IT environment in today's digital world
Rachit Panigrahi March 15, 2022

Facebook, LinkedIn, Kaseya, SolarWinds, Acer, and FedEx – what do all these behemoths have in common? You guessed it – all of them have been victims of security attacks of one form or another. According to a Statista article, there were more than 240 publicized ransomware attacks worldwide in 2021, a YoY increase of ~25%. An IBM report states that the average cost of a data breach rose from USD 3.86 million in 2020 to USD 4.24 million in 2021. In the world of security, it is often said that for every lock, there is someone out there trying to break in.

While mankind has taken long strides towards technological advancement, security attacks have become our biggest deterrent. Even though the pandemic has led to everyone talking about security, only a limited number of professionals/teams understand it and an even smaller cohort has the required knowledge to build a secure IT environment or respond to a security attack.

As part of this blog, I have tried to create a simple guide to building a secure environment and response framework in case of a security attack.

What is a security attack and what are the most common types of security attack?

A security attack can be defined as an attempt by an entity (often called a threat actor) to gain unauthorized access to IT assets and systems in order to steal confidential data, alter or delete data, lock access to data, or use the breached systems (or a network of breached systems) to perform compute-intensive tasks. Simply put, an enterprise is under a security attack when it no longer has full control over its IT assets and the digital data it stores. While there are numerous ways in which an orchestrated security attack can be carried out, the following are some of the most common types:

  1. Malware: A contraction of “Malicious Software”, Malware refers to any program or file that has been intentionally and specifically designed to harm a computer. It includes spyware, ransomware, viruses, and worms.
  2. Phishing: Fraudulent communications (usually email) that appear to come from a reputable source. The goal is to steal sensitive data like credit card data and login information or to install malware on the victim’s machine.
  3. Denial of Service (DoS): Flooding of systems, servers, or networks with traffic to exhaust resources and bandwidth resulting in the system’s inability to process and fulfill legitimate requests.
  4. SQL Injection: SQL injection occurs when malicious SQL is inserted, via untrusted input, into a query that a server sends to its database, thereby forcing the server to reveal protected information.
  5. Zero-day exploit: Refers to the scenario where an attacker exploits a recently announced vulnerability (i.e., a loophole to get unauthorized access) whose patch has not been released/implemented.
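The SQL injection item above describes the mechanism only in words. The following example, added here and not part of the original article, shows it concretely: a lookup that concatenates untrusted input into the query text sits beside the hardened version that binds the input as a parameter. It uses Python's built-in sqlite3 module with a constructed in-memory users table; all table names, sample rows, and the crafted input are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data (not from the article): a tiny users table kept in memory.
SAMPLE_USERS = [
    ("alice", "alice@example.com", "employee"),
    ("bob", "bob@example.com", "admin"),
]


def make_db():
    """Create an in-memory SQLite database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable form: untrusted input is spliced into the SQL text.

    Because the input becomes part of the statement itself, a value containing
    a quote character can change the meaning of the WHERE clause instead of
    being treated as the username to match.
    """
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, username):
    """Hardened form: the statement is fixed and the value is bound as a parameter.

    The database driver passes the value separately from the query text, so
    whatever the caller supplies can only ever be compared as a string literal.
    """
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups with a benign value and a crafted one; return the row sets."""
    conn = make_db()
    benign = "alice"
    # Constructed input: closes the string literal and appends a condition that is
    # always true, so the vulnerable query matches every row.
    crafted = "x' OR '1'='1"
    return {
        "vulnerable_benign": lookup_vulnerable(conn, benign),
        "vulnerable_crafted": lookup_vulnerable(conn, crafted),
        "hardened_benign": lookup_hardened(conn, benign),
        "hardened_crafted": lookup_hardened(conn, crafted),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Running the block shows the vulnerable lookup returning both rows for the crafted input (the protected admin record included), while the hardened lookup returns no rows for it because no user is literally named `x' OR '1'='1`. The defensive takeaway is that the fix is structural, parameterized statements everywhere user input reaches a query, rather than filtering individual inputs.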

The primary motive of a security attack is to gain access to confidential and sensitive information (often termed a data breach). The recent security attacks leveraging the Log4Shell vulnerability, which set the security world on fire, were an example of a zero-day exploit: attackers had started exploiting the vulnerability even before patches were made available and could have gained access to sensitive enterprise data.

How to design and build a secure IT environment?

Designing and building a secure environment requires dedicated effort, the right investments, and deep analysis. There is no silver-bullet solution in security; a structured and systematic defense is the only viable one. Adopting the following security mechanisms can help minimize the risk of security threats and thereby improve the overall security posture:

  1. Performing security assessment and building security strategy through risk management: Thoroughly discover, assess, and analyze the current security posture to understand the gaps and areas of improvement. Build a detailed and time-bound security strategy aligned to business objectives. It is also important to perform a regular security risk assessment and fine-tune the strategy based on changes in external or internal factors.
  2. Having a dedicated team of security experts: I have stumbled across many highly valued organizations that are reluctant to have a dedicated security team, probably because they don't see breaches happening every day in their organization. However, it is important to understand that a single breach can not only lead to financial losses but also negatively impact market reputation, hence the need for a dedicated security team.
  3. Awareness and training: One of the most underrated yet effective methods of preventing systems from being compromised in a security attack. Frequent training, advisories on new security issues, mock security drills, workshops, and campaigns are some of the ways to ensure that employees and users do not fall prey to security threats.
  4. Investment in the right tools: Implementation and correct usage of advanced security tools such as a next-gen firewall, an endpoint detection and response tool, email protection, and a vulnerability management tool can protect against security threats. However, it is important to correlate the information these tools provide to make them highly effective.
  5. Be compliant: Adhere to industry-relevant information security compliance regimes such as GDPR, PCI DSS, HIPAA, and others that apply. Perform regular audits to uncover issues and take the necessary actions to improve the compliance level.

How to respond to an ongoing security attack?

In the situation of an ongoing security attack, I have witnessed instances of enterprises being panic-stricken and working haphazardly to ensure that systems are not compromised or to limit the damage. It is important to understand that a simple but well-defined plan of action is extremely necessary to systematically safeguard systems during a security attack. The following framework can be adopted to successfully maneuver through a security attack:

In the post-pandemic era, as working remotely has become the new norm, ensuring security is a necessity as well as a challenge. Although several businesses are trying to become resilient by adopting digital technologies, threat actors are devising novel methods of penetrating enterprise environments to gain a foothold on enterprise data and assets. So, the need of the hour is to implement an effective and robust security solution to mitigate security risks.

Building a strong defense against security threats requires a holistic thought process. Brillio brings in the right blend of well-defined security processes, effective implementation, and usage of security tools along with the expertise of experienced security professionals. The security module of our proprietary tool Brillioone.ai is purpose-built to enhance and transform the security posture of enterprises.

About the Author


Rachit Panigrahi

Consultant, Cloud Engineering Studio, Brillio

Presales and business consultant with close to 4 years of industry experience ranging from building and implementing BDD-driven automation framework to crafting cloud strategy and solutions for clients across diverse domains. Experienced in conducting cloud & business feasibility assessments, charting migration roadmaps, strategizing multi-cloud operations, building post-migration operating models, and performing commercial viability of a cloud transformation initiative.
