The first 24 hours after a cyberattack are chaotic.
The investigations and conclusions will come far down the road, but in the immediate aftermath of an attack, the entire organization is in reaction mode.
The public relations team will update media members hungry for additional details. If an attack affects an organization’s own employees, the human resources department will issue alerts internally. The legal team will remain on standby to ensure regulatory requirements are met, offer counsel and guide the organization through the first few days of what is likely to be a process lasting many years.
For the IT department, meanwhile, those first few hours are all about containment – discovering the origin of an attack, isolating or stopping its harmful effects, and securing IT systems to ensure continuity.
Yet, in many cases, victims of cyberattacks aren’t taking these critical first steps. According to a new survey by the SANS Institute, only 59 percent of organizations are able to contain attacks within 24 hours, and more than half claim to be dissatisfied with the length of time it takes them to contain and recover from an attack.
Even the federal government doesn’t really have a perfectly coordinated strategy for responding to these events. As last summer’s hack of the Office of Personnel Management (OPM) showed, the government isn’t well equipped to react quickly to emerging threats and successful attacks, and individual agencies don’t always take ownership of a coordinated response.
Fortunately, most businesses don’t have such a burden. Most are more agile than the government, and therefore better positioned to respond quickly, even if the findings of the SANS Institute reflect a different reality. The piece of the puzzle that some organizations are missing is the technology to enable faster cyberattack response times, and some are finding it in remote access solutions equipped with central management capabilities.
Remote work is a new standard for many businesses, and in today’s world, secure remote access is a necessity to mitigate attacks. The value of a centrally managed remote access VPN is that it provides a single view of all remote access endpoints to the network administrator. This increased visibility makes it easier for the administrator to manage any type of endpoint a user may deploy to access the network remotely. And in the event of a breach, the administrator will be able to quickly revoke network access and deprovision the vulnerable device, in order to isolate the attack and prevent it from spreading.
As SANS Institute analyst Dave Shackleford said in response to the report’s findings, “If our security stance is going to improve, we need better visibility, the ability to make configuration changes faster and to contain attacks more quickly.”
Adopting a centrally managed remote access VPN is the first step toward providing just that.