TRENDING:

Breach Response: Fighting Persistent Intruders

Expert Offers Lessons Based on Study of Breached Organizations Marianne Kolbasuk McGee (HealthInfoSec) • November 13, 2015     15 Minutes   
Breach Response: Fighting Persistent Intruders
Wendi Whitmore of CrowdStrike

Because hackers often find a way to stick around or repeat their network intrusions after remediation efforts are completed, organizations need to ramp up their "continuous detection" efforts, says security expert Wendi Whitmore of the security consultancy CrowdStrike.

Crowdstrike's analysis of dozens of its clients' breach response efforts, described in a new casebook, shows that all of the hacked organizations "faced the attackers trying to get back into their environment and re-infect them after they concluded their remediation event - which is the event that is the culmination of the investigation and you try to eject the attacker from your environment."

That's why it's essential for organizations to focus on "continuous detection and visibility into their environments," she stresses.

Often after a large breach, organizations believe that they are "wiping the slate clean" once remediation processes, including implementation of new technologies, are completed, Whitmore notes. But in reality, these organizations remain prime targets for new or repeated attacks, which is why they must ramp up efforts to detect and contain intrusions.

Prepared Workforce

Another essential element of any effort to detect and remediate breaches, Whitmore says, is training the workforce to act on the warning signs that something is amiss, she says. Companies often invest in technologies that can help alert staff of potential security incidents, yet the staff is not properly prepared to carry out processes to contain the incidents, she notes.

CrowdStrike's analysis also found that organizations that carried out security processes more successfully conducted penetration tests as well as "table-top exercises that involve stakeholders, including the CEO, operations department and general counsel and communications staff," she says.

"As organizations get more mature, they tend do these things more frequently, such as testing out new scenarios on a quarterly basis so that they can continually identify areas for improvement and gaps," Whitmore says. "So if they actually go through one of these breaches, it's not the first time for everyone. They understand the playbooks. They understand what they are going to communicate."

In the interview (see audio link below photo), Whitmore also discusses:

  • Other key findings in the CrowdStrike analysis;
  • How the healthcare sector compares with other industries in its ability to detect and defend against cyberattacks;
  • Tips for protecting medical devices from becoming entry-points for cyber intrusions into their networks.

Whitmore has more than 10 years of experience in the computer security, including a career with the U.S. military. As vice president of services for CrowdStrike, Whitmore, along with her team, responds to security breaches and offers remediation services. Previously, she was a managing director for Mandiant's Los Angeles office. In this role, she was responsible for leading a team of security consultants that responded to large security breaches throughout the world.

Previous
Why Banks Need to Prepare for More Chase-Like Breaches
Next
What the JPMorgan Chase Breach Teaches Us



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.