Hackers will go to any length to attack large organizations, even those that are well fortified with cybersecurity defenses. When they come across stiff opposition, instead of being put off, they try to gain access through intermediaries.
They have now graduated to island hopping attacks in order to stay invisible. Citing Carbon Black’s 2019 Global Threat Report, Infosecurity magazine says that “In aggregate, enterprises saw approximately one million attempted cyber-attacks per day, though half of today’s cyber-attacks use the victim primarily for island hopping.”
The island hopping attack strategy is not a new “kid on the block,” but it is becoming more important by the day. As long as you rely on some sort of supply chain, these attackers will keep looking for new ways to gain access to your enterprise networks.
Once your enterprise has to accommodate a great number of third parties, whether they are remote employees, contractors, corporate customers or suppliers who need remote access to your resources, you have unwittingly become a prime target for island hopping attacks. You won’t be far from the truth if you call their mode of operation modern-day lateral movement.
The bitter truth about this set of attackers is that they are persistent and do everything to stay put. Their aim is not just to rob you and those in your supply chain and get away with the loot. In the parlance of the dark web, these attackers are out to take over the running of your entire organization.
It is therefore of immense importance that you do everything possible to detect and stop the scourge.
How to detect an attack
Since an island hopping attack can be launched at your enterprise from different entry points, you may not be able to completely safeguard all of them. You must, however, keep your “antenna” fully up in order to detect any attack.
It is highly important that you have an incident response plan and a team that is adequately funded and tooled; there can’t be half measures. Oftentimes, after an attack has taken place, you will be under the pressure of a critical incident and won’t be able to plan effectively.
However, if you have a strong incident response team and plan, attacks become easier to detect, and at less cost to the enterprise. Response time is critical to detecting attacks and minimizing damage. With every second counting, having a team, a plan, and the relevant tools in place is instrumental to detecting the attack and eventually mitigating the loss, as well as protecting the goodwill your enterprise has built over the years.
You can also consider outsourcing your enterprise incident response to a third party on retainer; if your team misses anything, they can pick it up. A good incident response system prioritizes attacks according to their severity.
It is also good practice to have your customers watch for malicious activity on their networks and notify you of anything they notice, so that you can react promptly.
How to prevent an attack
In preventing or mitigating island hopping attacks, you should implement the following best practices.
1. Recommend the same ecosystem of security providers
Since your customers are a sort of appendage to your enterprise, there is nothing wrong with ensuring that they use your managed security vendor and your preferred technology stack. They will obviously have access to some of your company’s data, so once they are hacked, you are not safe.
It will, therefore, be in your own interest to help them conduct a security audit or advise them on how to go about it. When it comes to securing data, you can’t afford to compromise on any aspect.
Many companies across the world have started to recommend the same cybersecurity ecosystem to those who want to do business with them, and you should follow suit. Do business with companies that are ready to adopt the same cybersecurity infrastructure.
2. Network segmentation
As a best practice, ensure that contractors do not get access to all of your servers; restrict them to the only server they need to work on.
3. Multifactor authentication
Attackers have acquired the necessary tech to make mincemeat of passwords. Multi-factor authentication, such as 2-, 3-, 4- or even 5-factor authentication, becomes necessary. It is considered one of the best ways to secure your enterprise and stay safe today because of the combination of factors.
4. Guard against lateral movement and credential harvesting
Rick McElroy, head of security strategy at Carbon Black Inc., says, “Focus on lateral movement and credential harvesting. If you can be really good at detecting those two activities, you’re probably going to stop 80% to 90% of the attacks that are out there — or, at least, know about them when they’re occurring because, in almost every case, the adversaries have to get on another box and they have to get credentials to do it.”
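The segmentation rule in item 2 and the lateral-movement focus in item 4 can be checked against authentication logs. The following is an added example, not code from the original article: the account names, host names, allowlist, log format and thresholds are all hypothetical and constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical allowlist: each third-party account and the only servers it needs.
ALLOWED = {
    "contractor-a": {"build01"},
    "supplier-b": {"erp-gw"},
}

# Constructed sample log: (timestamp, account, source host, destination host).
SAMPLE_LOG = [
    ("2019-06-01T09:00:00", "contractor-a", "vpn-gw", "build01"),
    ("2019-06-01T09:05:00", "supplier-b", "vpn-gw", "erp-gw"),
    ("2019-06-01T09:07:00", "contractor-a", "build01", "db02"),
    ("2019-06-01T09:09:00", "contractor-a", "db02", "fileserver"),
    ("2019-06-01T09:12:00", "contractor-a", "fileserver", "dc01"),
]

def detect(log, allowed, window=timedelta(minutes=15), fanout=3):
    """Return (out_of_scope, hopping) findings for third-party accounts."""
    out_of_scope = []
    recent = defaultdict(list)  # account -> [(time, destination)]
    hopping = set()
    for ts, account, src, dst in sorted(log):
        if account not in allowed:
            continue  # only third-party accounts are in scope here
        when = datetime.fromisoformat(ts)
        # Segmentation check: a logon to any host outside the allowlist.
        if dst not in allowed[account]:
            out_of_scope.append((ts, account, src, dst))
        # Keep only logons inside the sliding window, then count distinct hosts.
        recent[account] = [(t, d) for t, d in recent[account] if when - t <= window]
        recent[account].append((when, dst))
        if len({d for _, d in recent[account]}) >= fanout:
            hopping.add(account)
    return out_of_scope, sorted(hopping)

if __name__ == "__main__":
    violations, movers = detect(SAMPLE_LOG, ALLOWED)
    for v in violations:
        print("out-of-scope logon:", v)
    print("possible lateral movement:", movers)
```

Findings from the first check show where segmentation is not actually enforced; findings from the second are candidates for the incident response team to prioritize.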
What is expected of any enterprise is to put a good incident response capability in place. It will surely help you get back online faster in the case of an island hopping attack.