How to Evade the Real Holiday Grinch

If the holidays have you busy running from one commitment to another, you’re not alone. Dashing out of a year-end budget meeting to your kid’s school production and then back for a departmental holiday party is a painfully common schedule for many right now. While it can be exhausting, the holiday season only comes once a year, so why would you miss any of these get-togethers or unique opportunities?

The same can be said for cyber criminals.

This time of year is busy for them too because, for cyber thieves, it’s also all about opportunities. But rather than looking for chances to fill your holiday with joy, they come to swindle and steal your data while you aren’t looking.

If you’re thinking this sounds like a familiar storyline, you’re right. It’s like the Grinch who silently sneaks into Whoville to swipe everything he can before escaping back onto his mountaintop.

The biggest celebration of the year for the Whos of Whoville presents the perfect opportunity for the holiday-hating Grinch to strike. While everyone is asleep, he has the chance to quietly take everything because, as the story goes, his heart is two sizes too small. Without passing judgement on the capacity for compassion of cyber criminals, we do know their pilfering is for profit. Stealing your data is their money-making venture and they always have their eyes open for an easy score.

So, what can you do to evade these Grinch-like advances?

Most threats can be prevented by closing the opportunity gap. An important component of effective risk mitigation includes reducing the probability of their success. In other words: make it harder for them so they move on to the next Whoville. To do this, I’m not suggesting you cancel your holiday but rather make it incrementally harder for them to get in.

This is where the NIST Cybersecurity Framework (NIST CSF) can help you. Organized around five primary pillars (NIST itself calls them Functions), NIST CSF outlines a series of best practices to guide you in making it harder for cyber crooks to break in. Following the first two pillars, Identify and Protect, the third pillar, Detect, lays out three categories of activity for detecting a possible breach so that you can shut it down quickly:

  1. Anomalies and events: what are you hunting for
  2. Security continuous monitoring: when you hunt for it
  3. Detection processes: how you hunt

If you are looking for more information on how NIST CSF can help your organization avoid Grinch-like opportunity seekers, we created a series of short videos on the framework and other essential cybersecurity tips. For more on how to detect a breach, watch this video below. And while you’re at it, watch and subscribe to our full Cybersecurity Insights video series on YouTube.

 

NIST Cybersecurity Framework

 

Video transcript

Hey! Josh here from Absolute.

We’re going to continue looking at the NIST cybersecurity framework, with special attention put on the third pillar, “Detect”.

The real world doesn’t seem all that interested in your cyber resilience: there are new threats, exposures, vulnerabilities, and blunders that can wreck the show. But here we can lean on the techniques of the NIST CSF.

Let’s start with strange things happening. By definition an anomaly is simply anything that deviates from the standard, the norm, or the expected.

Imagine you have an endpoint running a PHP process with a connection to an IP address in another country:

– Is it anomalous?

– Well… Do we have a baseline?

– What’s the endpoint’s hygiene status?

– Who is using it?

– Where is the device physically located?

– What were the activities this time last week, last month, last year, or any time period?

Well… we have built the foundation with the first two pillars (Identify and Protect) so we can see when things start to fall outside of our expectations.

Within the “Detect” pillar, we can see how anomalies are the ‘what’ we need to detect, and continuous monitoring is ‘when’ we need to detect.

Spoiler alert: always be watching.

Start with a digital tether to your endpoints: a firmware-based module with a persistent connection that never loses its grip on any device, which allows you to have a recursive index, updating your asset intelligence with new inputs from the real world.

Then, use Attack Simulation to play ‘what-if’ scenarios based on hygiene profiles and shifting circumstances, to adapt before disaster strikes. The ‘Detect’ pillar of NIST is a crucial discipline that forces us to be honest about our base rate (to determine if something even is an anomaly) and extends visibility in time and in space across the attack surface to rapidly discover trouble and capture every last shard of the environment.

In our next episode we’ll go deeper into the NIST CSF for a more effective incident response.

Be sure to subscribe, you won’t want to miss it.

See you then!
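The three Detect categories listed earlier (what to hunt for, when to hunt, how to hunt) and the transcript’s question about a PHP process talking to a foreign IP address come together once you try to answer “do we have a baseline?” in code. The following is an added example, not code from the post, the video, or any Absolute product: it builds a 30-day per-host baseline of (process, destination country) pairs from endpoint telemetry, evaluates each new event against that baseline (continuous monitoring), and folds in the endpoint’s hygiene status to set severity (the detection process). The host names, users, IP addresses, hygiene fields (`patched`, `agent_healthy`) and the 2% base-rate threshold are all constructed assumptions for the demonstration. Note the third verdict, `unknown`: a host with no baseline cannot be honestly called anomalous, only unassessed.

```python
"""Baseline-driven anomaly detection for endpoint network telemetry.

Added example (not Absolute's code). Telemetry, host names, IPs, hygiene
fields and the 2% base-rate threshold are constructed assumptions.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class NetEvent:
    ts: datetime
    host: str
    user: str
    process: str
    dst_ip: str
    dst_country: str


def build_baseline(events, now, window_days=30):
    """Count (process, destination country) pairs per host over the baseline
    window. This is the 'norm' that an anomaly is measured against."""
    cutoff = now - timedelta(days=window_days)
    baseline = defaultdict(Counter)
    for e in events:
        if cutoff <= e.ts < now:
            baseline[e.host][(e.process, e.dst_country)] += 1
    return baseline


def classify(event, baseline, min_base_rate=0.02):
    """Return ('normal' | 'anomalous' | 'unknown', reason).

    'unknown' is deliberate: with no baseline for the host there is nothing
    to deviate from, so the event is not called an anomaly."""
    host_counts = baseline.get(event.host)
    if not host_counts:
        return "unknown", "no baseline for host; cannot judge deviation"
    total = sum(host_counts.values())
    seen = host_counts[(event.process, event.dst_country)]
    rate = seen / total
    if rate >= min_base_rate:
        return "normal", f"pair seen {seen}/{total} times in baseline"
    return "anomalous", f"base rate {rate:.3f} below {min_base_rate} ({seen}/{total})"


def triage(event, baseline, hygiene):
    """Detection process: combine the anomaly verdict with the endpoint's
    hygiene status (assumed fields: patched, agent_healthy) to set severity."""
    verdict, reason = classify(event, baseline)
    if verdict == "normal":
        return None
    h = hygiene.get(event.host, {})
    poor_hygiene = not h.get("patched", False) or not h.get("agent_healthy", False)
    severity = "high" if verdict == "anomalous" and poor_hygiene else "medium"
    return {"host": event.host, "user": event.user, "process": event.process,
            "dst": f"{event.dst_ip} ({event.dst_country})", "verdict": verdict,
            "severity": severity, "reason": reason}


def monitor(live_events, baseline, hygiene):
    """Continuous monitoring: evaluate every new event in arrival order and
    keep the ones that need a human look."""
    alerts = []
    for e in sorted(live_events, key=lambda e: e.ts):
        alert = triage(e, baseline, hygiene)
        if alert:
            alerts.append(alert)
    return alerts


NOW = datetime(2019, 12, 16, 9, 0)
HYGIENE = {"lt-0412": {"patched": True, "agent_healthy": True},   # constructed
           "lt-0777": {"patched": False, "agent_healthy": True}}


def constructed_baseline_events():
    """Constructed 30 days of ordinary traffic for one laptop, plus one stray PHP hit."""
    ev = []
    for i in range(40):
        ev.append(NetEvent(NOW - timedelta(days=1 + i % 20, hours=i % 9),
                           "lt-0412", "alice", "chrome.exe", "142.250.0.1", "US"))
    for i in range(20):
        ev.append(NetEvent(NOW - timedelta(days=1 + i % 20, hours=i % 9),
                           "lt-0412", "alice", "outlook.exe", "52.96.0.1", "US"))
    ev.append(NetEvent(NOW - timedelta(days=5), "lt-0412", "alice", "php", "185.0.0.10", "DE"))
    return ev


LIVE_EVENTS = [  # constructed 'today' traffic
    NetEvent(NOW + timedelta(minutes=5), "lt-0412", "alice", "chrome.exe", "142.250.0.1", "US"),
    NetEvent(NOW + timedelta(minutes=9), "lt-0412", "alice", "php", "91.0.0.20", "RO"),
    NetEvent(NOW + timedelta(minutes=12), "lt-0777", "bob", "php", "91.0.0.20", "RO"),
]


def run():
    baseline = build_baseline(constructed_baseline_events(), NOW)
    return monitor(LIVE_EVENTS, baseline, HYGIENE)


if __name__ == "__main__":
    for a in run():
        print(a)
```

Running it produces two alerts: the PHP connection from `lt-0412` to Romania is `anomalous` (zero occurrences against 61 baseline connections), while the same connection from `lt-0777` is `unknown` because that host has no baseline at all. The single stray PHP-to-Germany connection in the baseline window does not make PHP traffic “normal” either; at 1 in 61 it is still below the 2% base rate, which is the point of deciding the threshold before you look at the event rather than after.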

ABOUT THE AUTHOR

Josh Mayfield

Josh is Absolute’s Director of Security Strategy and works with Absolute customers to leverage technology for stronger cybersecurity, continuous compliance, and reduced risk on the attack surface. He has spent years in cybersecurity with a special focus on network security, threat hunting, identity management, and endpoint security. His research has been featured in leading security publications including SC Magazine, Infosec, and Dark Reading, and he is often cited by business and tech journalists for his analysis of cryptocurrencies, security operations, and attacker psychology.


