Nine Indicators of Compromise a Cyber Threat Assessment Will Help You Uncover

Jun 13, 2017 11:09:18 AM

Your network has probably been breached. You just don’t know it yet. That is the nature of cyber attacks, many of which lie dormant and undiscovered for far too long. In 2016, Verizon published in its Data Breach Investigations Report (DBIR) that a whopping 83% of compromises took weeks or longer to discover.

Why You Need a Cyber Threat Assessment

The longer malware remains hidden, the more damage it can cause. To root out threats before they wreak havoc on your environment, you need to recognize indicators of compromise. Performing a cyber threat assessment is the first step, because it gives you a baseline against which to compare your observations of network behavior.

According to a blog post authored by Matti Blecher of Fortinet, an Istonish technology partner, an in-depth threat assessment can help you understand:

  • Which application vulnerabilities are being used to attack your network
  • Most critical assets and where they reside
  • Malware and bots infecting your system
  • Devices most at risk
  • Which at-risk social apps your employees are running
  • Throughput, bandwidth and usage requirements during peak hours

Once you know what constitutes normal network and user behavior, it becomes easier to identify indicators of compromise, which can include:

  • Reduced operating speeds
  • Badly functioning antivirus software
  • Machines restarting or shutting down unexpectedly
  • Errors in applications and system event log entries
  • New ports open on firewalls
  • Suspicious firewall log entries
  • Heavy network traffic from a particular workstation
  • New users created with admin privileges
  • Unusually heavy network traffic 
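
The baseline comparison described above can be sketched in code for three of the listed indicators: new open ports, new admin users, and heavy traffic from a particular workstation. This is an added example, not part of the original post or of any Fortinet or Istonish tooling; the data layout, host names, user names and thresholds are all constructed assumptions.

```python
from statistics import median

# Constructed sample data: a baseline captured during the assessment and a
# later observation. All names and numbers are illustrative assumptions.
BASELINE = {
    "open_ports": {22, 443},
    "admin_users": {"alice", "svc_backup"},
    "daily_mb": {  # per-workstation outbound MB over the baseline week
        "ws-014": [310, 295, 330, 305, 320, 290, 315],
        "ws-022": [120, 140, 110, 135, 125, 130, 115],
    },
}
CURRENT = {
    "open_ports": {22, 443, 8081},
    "admin_users": {"alice", "svc_backup", "helpdesk2"},
    "daily_mb": {"ws-014": 325, "ws-022": 2900, "ws-031": 50},
}

def traffic_outlier(history, today, threshold=6.0):
    """Robust check: distance above the median, in units of MAD."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    spread = max(mad, 0.05 * med, 1.0)  # floor so a flat baseline still works
    return (today - med) / spread > threshold

def find_indicators(baseline, current):
    """Return (indicator, subject) pairs for deviations from the baseline."""
    findings = []
    for port in sorted(current["open_ports"] - baseline["open_ports"]):
        findings.append(("new_open_port", port))
    for user in sorted(current["admin_users"] - baseline["admin_users"]):
        findings.append(("new_admin_user", user))
    for host, today in sorted(current["daily_mb"].items()):
        history = baseline["daily_mb"].get(host)
        if history is None:
            # No baseline means "normal" is unknown; surface it for review.
            findings.append(("host_not_in_baseline", host))
        elif traffic_outlier(history, today):
            findings.append(("heavy_traffic", host))
    return findings

if __name__ == "__main__":
    for kind, subject in find_indicators(BASELINE, CURRENT):
        print(f"{kind}: {subject}")
```

The median and MAD are used instead of the mean and standard deviation so that one unusually busy day in the baseline week does not hide a later spike.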

Being able to recognize signs of a compromise early in the cyber attack cycle can help you stop threats from spreading and/or reaching their intended targets. But this doesn’t diminish the importance of taking steps to prevent data breaches in the first place.

How do cyber attacks break through?

Unpatched and outdated systems remain top vulnerabilities and easy pickings for cyber attackers. According to the 2017 Verizon DBIR, popular ways to exploit these systems include:

  • Targeting employees with phishing email scams. 1 in 14 users was tricked into following a link or opening a malicious attachment in an email.
  • Taking advantage of weak passwords. 80% of hacking breaches involved stolen or weak passwords. Setting strong passwords is a must.

Completing Cyber Threat Assessments

The cybersecurity market has grown rapidly to counter the rise in cyber attacks, which have increased 125% from five years ago, according to the Ponemon Institute. Research firm Markets & Markets projects cybersecurity market value to reach $202.36 billion by 2021, up from $122.44 billion in 2016.

Attacks will happen. To protect your network, identify threat indicators and radically improve your cyber security. Performing a cyber threat assessment is a good first step. Start by reviewing our free sample report to learn what you can expect from your Vulnerability Assessment and Risk Analysis.

A Fortinet partner, Istonish can deliver best-in-class expertise and advice to address the results. Contact us to learn more.

Written by James Mathis

James Mathis is a Systems Administrator at Istonish.
