
IT security: Don’t let them know what you know

Security has never been a more pressing issue for businesses than it is now. Mobile working, the proliferation of increasingly sophisticated, connected devices, and the growing number of applications relied upon by the modern enterprise all represent potential risks that weren’t apparent in generations past.    

There is a growing fear about the level of damage that cyberattacks could bring, so much so that the United Kingdom has launched a £1.9bn National Cyber Security Strategy to prevent such attacks.    

This is seen as a necessary expenditure, as data breaches now constitute a game-changing loss for businesses. A recent study found that the average consolidated total cost of a data breach has grown to around $4 million. With this kind of money in play, the level of threat also evolves. The enterprise is no longer dealing with teenaged basement-dwellers. Today, security is all about fending off organised crime syndicates hoping to exploit the security windows that evolving technologies have opened.

So, if your company is breached, what do you do? The answer might not be as obvious as you think.

Life’s a breach

There are several ways that businesses can better equip themselves to tackle security threats, from end-to-end monitoring, which will allow security analysts to witness and act upon any suspicious activity throughout the organisation, to ensuring that the appropriate tool kits are up to date.    

Indeed, knowledge of the current landscape of attacker tools is a huge boon for companies looking to avoid infiltration. By being aware of the tools that attackers are using, you can better equip your company to combat them.    

Of course, it’s not enough to know about what tools an attacker is using. You have to ensure that your tool kit is advanced enough to combat them.  

Essentially, you don’t want to bring a knife to a gun fight. Herein lies a challenge for security analysts, who struggle to program and code quickly enough to keep up with these advances. Time and resources allotted to this task can reduce risk in the long run.

So, there are ways to fight off cybercriminals, but what if you discover your business has already been infiltrated?  

Dealing with intruders

Much like finding an unwanted guest in your home, instinct and common sense would usually dictate that, were your company breached, you’d look to weed out the perpetrators and do whatever you could, as quickly as you could, to remove them.   

However, it may be more valuable if, upon learning of the intrusion, your company isolates and monitors what’s going on. Now, this may seem contradictory, like letting a burglar root around your house for a while before calling the police, but bear with us.    

If you see that you have been compromised, you have two options. First, you could immediately change all of your passwords and wipe all machines that may have been accessed. The upside is that the breach is addressed quickly. The downside is that the criminals will immediately know that they’ve been detected, eliminating any further chance of investigation. It’s also very likely that the attackers were able to compromise machines without you noticing.

The alternative is that you wait, and monitor just how far the infiltration goes. It may be best not to let the attackers know that you know they are there. If this sounds odd (and a bit confusing), that’s because it may feel counterintuitive. It’s also a very advanced technique that you should only undertake if you have sufficient staff and are confident the attackers are isolated and cannot damage your business.

However, by being patient, and investigating the way attackers infiltrated your organisation, and the level of access they achieved, you will be better placed to identify the scope of the breach and prevent similar future attacks.    

Enterprise security is likely to dominate the headlines for many years to come, with more money to be made and attackers growing increasingly sophisticated. A considered, measured approach to incident response can help your organisation plan for the future, and ensure that any action taken today will help your organisation tomorrow.  

Mav Turner, Director,