Skip to main content

Protecting Against the Inevitable

December 08, 2014

Imagine this situation: you are sitting in your office, all is going well, when you receive an urgent invite for a due diligence committee meeting to potentially acquire another business. This isn’t the first time your company is evaluating acquisition targets; and then it hits you – the last time this happened your organization came under attack. Suddenly your mind is racing as you realize that you only have two weeks before the announcement is made public, thus placing a target on your organization.  

For most, this situation causes a gut reaction of panic and stress. But many other companies have found themselves in this position, have gone through the process, and emerged successfully on the other side. The lessons learned from these real-life situations have enabled us to develop steps to help your organization adequately prepare for a potential attack when going through a critical time.

Rally the Troops

Get everyone in your company involved with an education session. Let employees know that there could be a cyber attack coming, and that the organization is preparing. It is key to involve legal, IT and public relations so that they know their roles and can prepare for a potential breach.  

Understand the Threat

Gather as much intel about the potential attack and the attacker as possible. In the above example the organization should consider what happened last time. In other cases, there may be more specific information available about an impending attack. One of the most important questions businesses should ask themselves is: what are the attackers after?

Take Stock of Your Environment

Baseline your technical environment’s inventory to get a clear view of your network and security posture. 

Close Open Holes

Understand where your important data lies. Perform a vulnerability scan. Determine which patches to tackle first according to their severity. If you can’t close the hole, monitor it. 

Guard the Gateway

Limit Web and remote access to only to those who need it. Close services that you don’t have to use. Perform a firewall rule cleanup to help ensure your perimeter is protected. 

Defend Critical Assets and Raise the Shields

Understand what you are really trying to protect. Once you understand your critical assets, you should set up an active defense. Apply the threat intelligence you have to reduce your attack surface. 

Prepare for the Worst

Even when all the proper precautions are put into place, a breach can still occur. There is a good way and a bad way to go through a disaster. Have a tested incident response plan ready to go, and have third-party experts ready to assist should an attack occur.

Last week, we published a white paper on this topic which describes relevant threats and strategies for organizations to apply threat intelligence to bolster defenses, develop a plan of action to minimize the attack surface, and strengthen the walls around prized data assets while the clock ticks down.

In addition, we recently conducted a webcast on this topic; you can find the recording here.

    James Robinson

By: James Robinson

Vice President, Third-Party Risk Management

See More

Related Blogs

March 22, 2018

Intelligence Bulletin – MinionGhost Reemerges

At approximately 9:30am EDT on 20 March 2018, hacktivist collective, MinionGhost, announced planned cyber attacks against unspecified Asian entities. ...

See Details

February 07, 2018

Intelligence Bulletin – When Cryptomining Attacks

Optiv has seen a continuation of attacks based off the usage of CryptoNight miner, in this case likely mining Monero cryptocurrency for the attackers....

See Details

January 12, 2018

Regarding Spectre and Meltdown

On January 3, 2018, the Graz University of Technology released their papers on identified vulnerabilities dubbed “Meltdown” and “Spectre” via the webs...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cybersecurity Events in your area.