It’s a lazy afternoon on the Friday before a long weekend. You are getting ready to shut things down and spend some quality time with family after an exhausting week. It is always exciting to not think about work for a little while and decompress; with recent global events though, this has been a challenge.
On the other side of the world, unfortunately, nationwide long weekends are prime time for cyber attacks. An adversarial group is planning their attack on your digital systems.
They’ve been monitoring your company’s activity with low-level drive-bys and door knocking and have identified long weekends as prime time to step up their game. As they make their first move, your security story may already be predetermined.
The analyst in the Security Operations Center (SOC) notices something fishy.
Yes, it’s a malicious piece of code attempting to embed itself into a C-suite executive’s laptop.
The Security Analyst knows to act quickly, because they have encountered this before in other environments.
As the analyst escalates the situation, they attempt to isolate the issue and call the Network and Security Operations Center (NSOC) to get the infected host off the network.
Phew, we were able to do this in time, and it doesn’t seem to be spreading.
At the same time, the Security Team is looking into this piece of malicious code, again knowing they have seen it in other environments, and thus have a process to handle it quickly and efficiently.
They call the Network Team and deliver the remediation steps. The Network and Security teams verify that the infection has not spread and that the laptop will need to be re-imaged. Other systems on the network are safe.
The malicious attack grants entry into the C-suite executive’s laptop. The hackers now have full access to all business operations and are ready to exfiltrate the data. As the intellectual property, employee records, financial statements, and more are extracted from the laptop, the hackers have already automated the malware to spread across the company’s entire network.
The two teams, SOC and NSOC, work together to produce a report of what was observed, what was done and how it was handled, and steps for remediation. This is sent out via email, along with a call to the Head of IT (hot dog in hand, too). Luckily, this was caught in time and contained, so Incident Response and Forensics are not needed (but are alerted and consulted on the findings).
All is normal at the office Tuesday morning as employees are catching up at the water cooler, sharing stories and experiences from the long weekend.
The adversarial group infected the company’s network, shut down systems, and exfiltrated all the information they needed 24-48 hours before anyone returned to the office.
As employees return on Tuesday and sign on, they are met with ransomware messages on every single device. There is no small talk around the water cooler, only panic in the C-suite over what to do now that all operations are suspended.
Now is the time to make sure your security story is designed for the ending you prefer.