This article was published on March 10, 2016

How to stay ahead of cyber criminals in the data breach era

Story by Ofer Israeli

Ofer is founder and the VP of Research and Development of illusive networks. Prior to founding illusive, Ofer was a team leader at Check Point Software Technologies, where he led the “Endpoint Security Management” and the “Cloud and Document Security Management” teams. Ofer holds B.Sc. degrees in Computer Science and Physics from Ben-Gurion University of the Negev.

It’s no secret that cyber attackers are becoming increasingly sophisticated, stealthy, and motivated.

As we’ve seen in high profile breaches at Target, JP Morgan and Home Depot, attackers can infiltrate environments and maneuver undetected for months at a time to set up the “perfect crime.”

Today, it takes financial firms an average of 98 days to detect a data breach; for retailers, this can take up to 197 days. Even Cisco’s mid-year security report warns that companies of all sizes must reduce time-to-detection in the wake of the latest wave of advanced attack vectors.

With threats such as Angler and Dridex on the horizon, CIOs and CISOs can’t afford to wait around — they need an effective program to recognize the warning signs of a security breach.

As cyber attackers become increasingly aware of cyber security measures, organizations must continuously learn about potential warning signs. Here are a few helpful tips to help you stay ahead of cyber attacks and reduce the risk of data breaches:

Change, change, change

Cyber attackers and IT professionals have at least one thing in common — they don’t like change. Your IT department wants to keep systems and processes static to keep their work organized and make their lives easier. Attackers love static networks because they can study them, learn the ins and outs, and use that knowledge to compromise your data.


If you want to make life difficult for sophisticated cyber attackers, create a culture that thrives on change. Move your data around, change the network design. Don’t let attackers prey on a static network.

Avoid alarm fatigue at all costs

In early 2014, Target released a statement admitting they missed a warning sign that pointed to what would eventually become one of the biggest data breaches in history.

Target didn’t actually miss the alert — the security team had seen so many false positives that they determined this particular notification wasn’t worth looking into. Security appliances are more sensitive than ever to better detect potential threats, but the sharp increase in alerts leaves security teams running ragged.

It would be impossible to jump and launch an investigation every time your security appliances send a notification. Instead, you must monitor your organization for signs of alarm fatigue and resolve them as soon as possible. If you stop monitoring for serious notifications, you are sure to miss the real issues as they come up.

Monitor for usage of irrelevant information

Cyber criminals do their homework before launching an attack, but sometimes the information they gather is wrong or out of date. You should monitor for activity that doesn’t make sense for your organization. Let me explain.

Attackers can set off red flags when they try to compromise widely adopted enterprise software. For example, SharePoint has such wide distribution that attackers might search your network for its servers. If you don’t use SharePoint, then requests for SharePoint data should set off red flags.


A typical example of an irrelevant information scenario is the “former employee” situation. In this case, an attacker chooses to target a specific user from your list of employees, not knowing that the person no longer works for your organization.

Because the employee no longer works for you, that employee should not be taking actions within the company’s network and the network shouldn’t be contacting them. Spotting this suspicious activity can help you prevent data breaches.

The global law firm Locke Lord was able to mitigate a cyber attack after catching a former employee using his credentials to access its network. The closer you track the use of irrelevant information, the quicker you can stop data breaches in their tracks.
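The two “irrelevant information” signals described above (requests for a product you don’t run, and activity under a deprovisioned account) are simple to express as detection rules over an access log. The following is an added example, not code from the original article or from illusive networks: the log lines, the former-employee list and the SharePoint-style URL prefixes are constructed for illustration, and the log format is an assumption. Grouping findings per account at the end also keeps the number of tickets down, which matters given the alarm-fatigue problem discussed earlier.

```python
import re
from dataclasses import dataclass

# Constructed sample access log (not real data). One record per line.
SAMPLE_LOG = """\
2016-03-10T08:01:12Z host=fs01 user=alice action=GET path=/finance/q1.xlsx status=200
2016-03-10T08:02:45Z host=fs01 user=bob action=GET path=/_layouts/15/start.aspx status=404
2016-03-10T08:03:01Z host=web02 user=carol action=LOGIN path=/ status=200
2016-03-10T08:04:30Z host=fs01 user=dave action=GET path=/sites/hr/_vti_bin/lists.asmx status=404
2016-03-10T08:05:10Z host=web02 user=erin action=LOGIN path=/ status=200
"""

# Products this (hypothetical) organization does NOT deploy. Any request that looks
# like it is aimed at one of them is "irrelevant information" in the article's sense.
# The URL prefixes are assumptions modelled on SharePoint's well-known paths.
UNUSED_SERVICE_SIGNATURES = {
    "sharepoint": re.compile(r"/_layouts/|/_vti_bin/|/_api/web", re.IGNORECASE),
}

# Deprovisioned accounts (former employees) and their leave date; constructed sample.
# In practice this would be fed from the HR system or directory, not hard-coded.
FORMER_EMPLOYEES = {"dave": "2015-11-30", "erin": "2016-01-15"}

LINE_RE = re.compile(
    r"(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) path=(?P<path>\S+) status=(?P<status>\d+)"
)


@dataclass(frozen=True)
class Finding:
    timestamp: str
    user: str
    host: str
    rule: str
    detail: str


def parse_line(line):
    """Return the record fields as a dict, or None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def detect(log_text, unused_services=UNUSED_SERVICE_SIGNATURES, former=FORMER_EMPLOYEES):
    """Flag requests aimed at products we don't run and any activity by former employees.

    Note that the HTTP status is deliberately ignored: a 404 for a SharePoint path is
    still evidence that someone expected SharePoint to be there.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line; a production pipeline would count these
        for service, pattern in unused_services.items():
            if pattern.search(rec["path"]):
                findings.append(Finding(rec["ts"], rec["user"], rec["host"],
                                        "unused-service-probe",
                                        f"{service}: {rec['path']}"))
        if rec["user"] in former:
            findings.append(Finding(rec["ts"], rec["user"], rec["host"],
                                    "former-employee-activity",
                                    f"account deprovisioned {former[rec['user']]}"))
    return findings


def summarize(findings):
    """Group rule hits per account so one user produces one ticket, not several."""
    by_user = {}
    for f in findings:
        by_user.setdefault(f.user, []).append(f.rule)
    return by_user


if __name__ == "__main__":
    hits = detect(SAMPLE_LOG)
    for f in hits:
        print(f"{f.timestamp} {f.user}@{f.host} [{f.rule}] {f.detail}")
    print(summarize(hits))
```

On the constructed log, `bob` and `dave` are flagged for probing SharePoint paths, and `dave` and `erin` are flagged as former employees; the summary collapses `dave`’s two hits into a single entry so an analyst sees one account to investigate rather than two separate alerts.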

DDoS threats are often a small part of a larger attack

If you rely on cloud services or e-commerce to drive your business, the downtime triggered by a DDoS attack might be your worst nightmare. However, cyber criminals looking to steal valuable customer personally identifiable information (PII) or extort money don’t benefit from a DDoS attack alone.

While you’re distracted by the scramble to solve downtime issues, attackers can slip into your network to launch a more elaborate scheme (often an advanced persistent threat).

In October 2015, TalkTalk (the UK telecom provider) learned the hard way that a DDoS attack can be a mere prelude to a data breach. After a flood of traffic collapsed its service, attackers compromised the records of nearly 160,000 customers. Learn from cyber attack history and beware the underlying motives for DDoS attacks.

Invest in cyber security education and training for employees

Did you know that human error is the leading cause of data loss, accounting for $40 billion in losses per year in the US alone? Extensive training and education teaches employees the importance of changing passwords and monitoring for suspicious activity, cutting down on the number of human errors.

One major part of training your employees for better cyber security is preparing them for phishing schemes. Attackers often send out seemingly legitimate emails, mimicking companies like PayPal or eBay in an attempt to lure readers into clicking a fake link. While the link seems real and the landing page is set up with real logos, the site is built to funnel sensitive data to cyber criminals. The email might mention an issue with the user’s account and lead them to a site that requests PIN numbers, credit card data and more. These can be tough to spot, but there are warning signs to look out for.

All of the security solutions in the world can’t protect your network if your workforce is willingly (but unknowingly) giving cyber criminals access to it. Creating a truly secure workforce requires ongoing education and training.

While this isn’t an exhaustive list of how to prepare for a data breach, security teams do need to tighten up their defenses — standard systems are being bypassed at an alarming rate. It’s not just about the amount of money spent on the latest firewall or intrusion detection system. It’s about a working environment with security built into its core and a network of security solutions built to mitigate the latest threats.

One way to supplement your cyber security efforts and mitigate many of the human errors that cause data breaches is to deploy an extra layer of security by using deceptive technology. This solution blinds attackers with endless streams of deceiving data until they can’t tell what’s real and what isn’t. This not only forces them to trip and set off alerts, but also gives you the power to study and stop attacks.

It’s time for companies to change the narrative on cyber security. The business world can’t afford to have 70 percent of 80 million to 90 million cyber attacks go undetected. With the increasing volume of cyber attacks costing the global economy over $575 billion, it’s clear that cyber security measures must change. It won’t happen overnight, but the best first step is to learn the warning signs of a data breach to supplement your security investments.
