9 Powerful Ways to Help Prepare for a Data Breach

Do you ever have that dream where you're back in college and you've somehow forgotten to attend one of your classes for months? If you fail you won't graduate - yet it is too late to drop the course. Not only are you sweating bullets about passing the final exam, but you've also missed countless other tests and assignments. Throughout the dream, you're kicking yourself: How could this class have slipped my mind? Yet you still find yourself powerless to ever make it to class or study for the exam.

When you finally wake up, you're relieved (and, for a moment, happy your college years are behind you). This dream - or a version like it - happens to many adults who are feeling stressed over something in their lives. And if you're a security professional still dealing with school anxiety dreams many years later, it could be that you're jittery over your organization's ability to handle the all-too-common prospect of a major data breach. And why wouldn't you? According to the Ponemon Institute, the average cost of a breach has now stretched to $3.79 million.

But don't fret: It's not too late to earn a passing grade on your incident response. Just follow these nine valuable recommendations for preparing for and mitigating the inevitable compromise crisis - thus helping ensure you'll sleep at least a little more peacefully at night.

1. Risk Assessments/Gap Analysis

First things first: You need to understand what you're working with and what can potentially give rise to an incident. To answer this, you must focus on three of your biggest assets: your employees, your data and your IT systems. Keep an eye on recently terminated workers who may be holding onto a grudge (as well as the behavior of current staff). Chart where your sensitive data flows and with whom it's being shared. And evaluate the patch and configuration status of your systems and applications, as well as potential attack vectors they may offer.

2. Incident Detection

Many companies are getting better at identifying incidents early on, which is helping limit the amount of damage that saboteurs can unleash if they do breach your perimeter - an increasingly likely proposition. If you're still prioritizing prevention over detection, you could be making a costly mistake. Follow these suggestions to help improve your breach detection capabilities. Remember: It's important to be proactive, including regularly scanning endpoints across your network to search for malicious behavior that can indicate an active intrusion is underway.

3. Team Building

One of your biggest priorities should be to assemble a well-oiled computer incident response team (CIRT) - with each member handling defined roles and responsibilities, including threat monitoring, vulnerability assessment and incident handling. In many cases, a resource-constrained organization may lack the skill sets to handle all of these specialty tasks on its own, so partnering with a company that performs IR can be helpful. In addition, your CIRT must collaborate with other business groups, including public relations, legal, human relations and the executive team, especially following an incident.

4. Response Plan Development

If an incident happens, you need to be ready to go. You must have already developed, documented and drilled a clearly defined procedure for incident response. The response plan should specifically state how you will address each incident class, from garden-variety threats to full-on network compromise, as well as from initial detection all the way to post-mortem and lessons learned. And don't forget the most important part: Test your plan regularly.

5. Partnering Up

As we've already alluded to, if you are like most companies, your IT staff is already beleaguered, never mind ready to handle all of the network analysis and forensic data acquisition that is required to address a major incident. Having an already established relationship with a security partner you have on speed dial - think of Ghostbusters for hackers - will go a long way toward mitigating the fallout and help put you in a better position for it not to happen again.

6. Attack Simulation

An important part of incident readiness is to find out how susceptible you are to an incident in the first place. One way you can accomplish that is through tabletop exercises that won't disrupt your operations. In addition, you can contract with your security specialist partner to orchestrate real-time attack exercises that evaluate the propensity of your employees to fall for, for example, a phishing attack, as well as your own ability to respond to a real incident. Results of these exercises are essential to understanding any gaps in your incident response plan, and enabling you to continually update it and ensure maximum efficiency.

7. Triage Training

Minutes matter more than anything following an incident, whether it's at a disaster site, in a hospital or on a compromised network. In the immediate aftermath, there will be many moving parts, but you need to already have the understanding of how to remove the guesswork and prioritize your efforts so you can collect, analyze and act on information as quickly as possible, especially in the likelihood that you are working with depleted resources.

8. Malware Reverse Engineering Training

If you can get your hands on a weapon used by your enemies, it's a no-brainer to study and understand it as much as you can. This will help you not only better comprehend how this particular attack occurred, but also will arm you with critical insight you can use to help prevent future intrusions. While many intruders are opting for methods like phishing, stolen credentials and using legitimate administration tools to progress their attacks, malware still plays a big role in breaches, especially in obtaining additional privilege-elevating credentials and attacking point-of-sale systems.

9. Threat Intelligence

It is important for you to stay up to date on the latest cybercriminal patterns, attack techniques and malware trends that your adversaries are using so you can be more proactive, instead of merely reactive. Our recently released 2016 Trustwave Global Security Report is a good place to start learning about the latest trends, but having real-time access to a security provider with global intelligence and 24x7-staffed security operations centers is a far more effective option.

For more information on how Trustwave can help with incident readiness, visit here.
