Yahoo! data dump indicates need for web monitoring, states Auriga
Organisations should be monitoring both the surface and deep web for indications of compromise. The deep web accounts for 96 percent of all web traffic and is not indexed by search engines, effectively hiding it from view. The dark web is a subset of the deep web and comprises unregulated community sites, websites called .onions as well as black markets accessed via Tor anonymising software.
The threat posed by web data disclosure has been acknowledged by the Information Commissioner's Office (ICO), which broke out cyber incidents for the first time in its data security incident trends analysis in June 2016. According to ICO figures, there were 50 cyber incidents during the first quarter of 2016, making this the fourth most common type of breach. Of these, thirteen incidents were attributed to exfiltration, i.e. the transfer of stolen data to another locale, while six were recorded where data had been detected on Pastebin. Monitoring legitimate surface sites such as Pastebin for evidence of corporate assets is a relatively simple way to increase vigilance. Hackers will often use other surface web sites to publicise attacks, as in the case of the Ashley Madison attack, which was announced over Reddit.
Detection and remediation of both surface and deep web sites is now possible using the next generation Security Operations Center (SOC). The Compass SOC can use various search criteria to monitor external networks, such as references to company names, intellectual property and user credentials, but it can also factor in other variables. For instance, in the case of Yahoo!, the imminent merger with Verizon would have heightened the threat level to the company, altering the search criteria. Following detection, the organisation is then able to swiftly take action to minimise the effects of the attack, put security controls in place, and inform and guide the user base.
"The Yahoo! data breach joins the league of mega breaches such as Home Depot, Target and eBay, all of which were tardy in both detecting and disclosing the compromise of user data. There has to be both more proactive external monitoring and better systems in place internally for communicating and acting on this information, and that means using intelligent security solutions that are capable of policing networks and looking for indicators of anomalous or malicious activity," said Louise T. Dunne, CEO, Auriga. "A next generation SOC is able to search those resources but crucially it also takes into account those business activities or geopolitical events that are going to have repercussions for the organisation, helping create a context-based search that really could shorten the timeframe between discovery and disclosure."
Auriga are specialists in cyber security, technology and risk management, with a renowned track record of succeeding where others have failed. As a trusted supplier to many high profile Government Departments, Agencies and Private Sector organisations, Auriga offers clients a cyber journey from design through to continuous monitoring. Auriga's flagship offering is Compass, a sophisticated next generation Security Operations Center (SOC) which is available as a tiered service, enabling clients to scale their security, with threats assessed in real-time by dedicated analysts. Auriga is the only SME to bring to market a tailored SOC built to client need by Security Practitioners. To find out more, please go to www.aurigaconsulting.com or follow us on Twitter @AurigaConsult.