On July 1, 2021 the US National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), FBI, and UK National Cyber Security Centre (NCSC) released an advisory reporting on “malicious cyber activities by Russian military intelligence against U.S. and global organizations…”
The advisory shared that “brute force” is being used to “penetrate government and private sector victim networks.”
To understand what this means for organizations and what they should do we talked with Mark Lanterman (LinkedIn), Chief Technology Officer at ComputerForensic Services. He explains in this podcast that it’s not just the brute force attacks that should cause concerns. It is these efforts combined with the use of “known vulnerabilities” to access data undetected.
What should organizations do to protect themselves? He advises following the recommendations in the advisory. For one adopt multi-factor authentication along with time out and lockout features. Other steps to take include network segmentation and closely monitoring access controls.
He also suggests that organizations review existing protocols to ensure that they are actually being followed. Just because a policy is documented, he warns, doesn’t mean it is being applied.
If your organization is using a cloud provider, he recommends take the time to revisit its value as a tool, what protections are in place, what data is stored and where it is stored. Ask your cloud provider about the infrastructure it uses, how it is protected, and what are the backup and protection policies. Trusting any third party with your data, including a cloud provider, is not something that should be done lightly.
Inside your organization, he argues for rethinking the approach to data security, changing it from something you train on once a year to an entire culture. There can’t be a set it and forget it mentality. A much more dynamic approach is required.
Listen in to learn more about how you can better protect your organization against brute force and more subtle attacks.