ANALYSIS: You can’t prevent all attempts to penetrate your enterprise security, but you can impede the attackers and you can keep them from getting the data they want
By now you’ve seen the warnings, or if you haven’t your CISO has. US-CERT and the FBI have issued warnings that the government of North Korea has been attempting a series of largely successful cyber-attacks against interests in the United States and elsewhere in the world.
These attacks have the ultimate goal of sowing chaos and distrust in the west as well as to prepare for a cyber-war.
Right now the North Koreans are in the process of examining as many networks of all types as they can so that the attackers know exactly where to hit and what to do when they get there.
North Korea hackers
Fortunately, there are steps you can take now that will reduce the impact of those cyber-attacks if and when the come. If you’re proactive, you may be able to prevent any information regarding your enterprise from ending up in the wrong hands. But there are several critical you need to know to protect your organization’s network.
First, you have to assume that the North Koreans have already penetrated your network. That does not mean that you should drop your efforts to prevent penetration, but you have to take steps that assume they have broken in. Second, you have to prioritize the threat, which is high, meaning that you’ll need to spend the money and allocate the resources necessary to protect your company.
1. Stay up to the minute on threat intelligence, and make sure you know those threats affect you. Stu Sjouwerman, founder and CEO of Knowbe4 suggests checking WikiLeaks on a daily basis for reports of new releases of NSA hacking tools. When you find them, make sure your network is protected against those vulnerabilities. It’s important to know that many of those hacks depend on long patched vulnerabilities, so you will need to make sure that your network has been thoroughly patched.