By Yuh Woei Tan, Symantec Senior Director for Cyber Security Services
With around 33.6 million internet users and a staggering 22 percent increase in internet penetration in the past year, the Philippines stands as a very attractive target for cybercriminals.
Based on the 2014-2015 Philippine Cybercrime Report published by the Department of Justice-Office of Cybercrime, intellectual property theft is deemed a major threat not only to consumers but to businesses as well. Records in 2012 showed a surge in intellectual property theft cases, 42% of which targeted manufacturing sectors and small businesses. The report states that consumers and businesses remain susceptible to ransomware and mobile threats, particularly on the Android platform.
Eventually, your organization will be targeted in a cyber-attack. While security incidents may be inevitable, the consequences of data breaches don’t have to be. Breaches are often the result of a lack of cyber security readiness, early detection, or timely response. So, what are the proactive measures that should be taken against breaches?
Before the cyber attack
Take these steps to help your organization before an attack:
• Prepare early and often. Preparation is not just a document. As Symantec’s newly released white paper entitled “Anticipating the Breach” advocates, it’s a living program that needs to be built, tested, and refined—and then tested and refined again and again.
• Build an effective team. Make it a priority to continually develop and grow the security team by assessing their skills, identifying gaps, and training them in realistic scenarios. The security plan is nothing without a solid team behind it.
• Integrate global threat intelligence. Adversaries are constantly changing tactics. Organizations need to create a defined threat intelligence program that continually monitors global adversary trends and campaigns.
During the cyber attack
Today, attackers are using sophisticated tactics to evade detection while infiltrating defenses—and many of these attacks go unnoticed for months or even years. Knowing how to react in the midst of an attack is critical.
• Detect and respond quickly. The faster an incident is detected and prioritized as critical, the faster resources can be allocated to respond.
• Apply threat intelligence. Armed with the right level of global threat intelligence, you can go on the offensive and proactively hunt for threat indicators within your own environment. Consider working with a security technology and intelligence partner who can help extend the technical and human resource capabilities of your own security team.
After the cyber attack
• Contain and remediate. Your response team must contain and remediate as fast as possible so an incident does not result in a breach.
• Post-attack executive briefing. Have a final executive briefing to review lessons learned and assess your cybersecurity program.
• Training and testing. Incident response teams need constant training, development, and testing to build incident readiness “muscle memory”. Once an incident occurs, a trained and tested response team will be ready to take immediate action.
Overall, incorporate lessons learned from the attack to refine your security program and prepare your teams for future incidents.