Nettitude Blog

Five Steps Towards Cyber Breach Preparation

Posted by Ben Densham on Jun 17, 2014 10:01:37 AM

Domino’s Pizza is the latest victim of a breach and ransom demand. The recent DDoS ransom demands against Evernote and Feedly, along with Cryptolocker and other schemes to extort hard cash from unsuspecting users, show these tactics being pushed to the limit. These brazen attempts to make a quick profit will continue for as long as they remain successful.

So we are seeing a continuation of a theme here... If you hold password/account information for your customers and provide an online way for that information to be used or accessed, you could end up in the news, or even on the world stage, should the hackers turn their attention to you. eBay is another recent example.

So what is the new normal for companies which want to prepare for a cyber breach?

STEP 1 – Recognise your risk (update the risk register): Your risk register should, by default, record the breach of customer account information as a defined risk, together with the very real threat actors out there who could obtain it.

STEP 2 – Secure the data (implement and verify the right controls): Your standard controls should include strong hashing with a protected salt. Complex passwords should be enforced, and standard security hardening, patching and testing should be carried out. Passwords do not normally need to be stored in a reversible form such as encryption, and they should never be stored in plain text or merely obfuscated.
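As an added illustration of step 2 (example code written for this article, not Nettitude's own): the unsalted fast-hash pattern the step warns against, beside a per-user salted, deliberately slow hash with constant-time verification. The record format and the iteration count are assumptions, not anything the post specifies.

```python
import hashlib
import hmac
import os
from typing import Callable, Optional

# Assumption: the iteration count is a starting point; tune it so that one
# verification costs tens of milliseconds on your own hardware.
PBKDF2_ITERATIONS = 600_000


def weak_store(password: str) -> str:
    """The pattern to avoid: one fast, unsalted digest per password.
    Every user who picked the same password gets the same digest, so a
    single precomputed table cracks all of them at once."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Per-user random salt plus a slow key derivation function.
    Stored record format (assumed): 'pbkdf2_sha256$iterations$salt_hex$digest_hex'."""
    if salt is None:
        salt = os.urandom(16)  # unique per user, generated at password set time
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute using the salt and iteration count held in the record and
    compare in constant time, so timing does not leak how many bytes matched."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False  # unknown or malformed record: refuse rather than guess
    _, iters, salt_hex, digest_hex = parts
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def same_password_same_record(password: str, hasher: Callable[[str], str]) -> bool:
    """Do two users who choose the same password end up with identical stored
    records? True for the weak scheme, False once a random salt is involved."""
    return hasher(password) == hasher(password)
```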

STEP 3 – Monitor your environment (define standard monitoring, know what is happening and actively hunt on your network): Your ‘business as usual’ practice should ensure that you have active monitoring in place, with your data stored and protected well back from your public servers. Active changes, non-standard behaviour and unauthorised activity should be monitored and alerted on. An incident response plan should have been tested and rehearsed to ensure a breach can be detected BEFORE data extraction occurs. Make sure the path to your data is lined with multiple trip wires (monitored events) so that the hackers’ chain of actions prior to data extraction (reconnaissance, exploitation of weaknesses, delivery, extraction, etc.) can be seen. This gives you multiple opportunities to intercept and stop them.

STEP 4 – Simulate and test (conduct real world penetration testing): So much penetration testing these days focuses on the type of attacks run by script kiddies (noisy, tool driven and automated) rather than by real world criminals (targeted, custom, slow and quiet). Use valid Threat Intelligence to know what the bad guys will attempt and simulate what you really think may happen, not what you tested last year or what your testing company does as standard.

STEP 5 – Remain agile (continually re-visit the risk and verify the right controls and response capabilities are in place): Don’t stand still and don’t sit down. The hackers won’t be standing still either. As defenders we need to remain vigilant and adaptable. Govern, evaluate, learn lessons and improve.

The only way to protect your organisation from a breach is to expect it to happen and prepare for it. Ask yourself, if a certain breach happened to you, would you be able to detect and stop it in time?

PS - Never pay the ransom! You will encourage the very action you want to stop. Hunker down, weather the storm and learn from it. And be better prepared for next time.


Topics: Security Blog, Uncategorized
