Persistent cyber threats and financial and reputation costs associated with prolonged downtime, stolen data assets and negative press coverage require companies to remain alert and vigilant. A series of cyber security incidents has put the topic at the top of many company agendas. Most of the business sector in the Netherlands should really take more action. One in five companies was the victim of cyber attacks last year, according to figures from Statistics Netherlands (CBS). That number is only increasing.
No business escapes. There’s going to be a day when you’re hacked. What are the biggest risks for the boardroom? And what is the right approach? “The question is no longer whether a company will have to deal with cybercrime, but when.”
Phishing attacks
Phishing is actually part of Social Engineering, where the attacker tries to gather information from a user. It can be business information, login data or personal data. The attack seems to come from a reliable source, which unfortunately still traps many users. Awareness helps user awareness to reduce the chance of a successful phishing attack.
Attack with Ransomware
Ransomware is much less about behavior, but much more about technological attacks. Attackers place malicious software with companies, which encrypts data. Only when the organization pays an amount is the information released again. It often involves critical business data that is needed to keep doing business, which can make criminals a lot of money.
Advanced Persistant Threat attacks
APT is a prolonged and targeted cyber attack in which an unauthorized person is given access to a network unnoticed and prolonged. The aim is to gain continuous access and steal data. APT attacks mainly target countries and organisations.
DDoS attacks
In fact, a DDoS attack is very brutal and overwhelming, in relation to the quiet of the APT attacks. These are attacks, sometimes involving millions of machines and computers, to attack on a large scale. There are botnets trying to shut down company servers. The server gets overloaded, so it shuts down and users can no longer use it.
Supply Chain Attacks
More specific and advanced are attacks on the Supply Chain. It is an attack with malware, which nestles in a software package at the distribution site. Data is stolen or manipulated, which causes the organisation to inconvenience the supplier. A well-known example was the NotPetya global attack in 2017 in which mainly Ukraine was targeted. The crypotoware spread through the ExternalBlue exploit.
Have Security Monitoring implemented?
Security Information and Event Management (SIEM) and Security Operation Centre (SOC) processed together in NFIR Insights,
our fully automated solution where you no longer interpret data yourself.
What is Security Monitoring?
Security monitoring involves monitoring network traffic and analysing log files in order to detect threats, vulnerabilities and cyber attacks at an early stage. NFIR offers a fully automated solution, so that you no longer need to interpret data yourself. Via a dashboard you can view all notifications and take action if necessary.
How is network traffic monitored?
NFIR Insights, our security monitoring service, analyses all data from the connected detection sources and displays that processed data in an easy to interpret dashboard environment. NFIR’s security monitoring specialists automatically process the log data received on the basis of use cases, which are determined together with the customer. When monitoring network traffic, all information, including reports of suspicious activity, ends up in a dashboard. This way you are quickly informed of activities on your network and you can intervene adequately in case of suspicious activities.
How can monitoring security help protect my network?
Monitoring your network can help detect malicious behaviour early on. If you want to protect your network, it is best to start monitoring your network. You gain insight into your network, you are quickly informed of suspicious activities and you can take appropriate action if a suspicious situation arises.
On what basis does NFIR develop its monitoring service?
NFIR’s security monitoring specialists are working on the development of the Insights platform every week. They process the information from devices in your network and analyse it using machine learning and proven detection rules.
From which sources does NFIR get the information for the dashboard?
Various detection sources can be connected to NFIR Insights. You can think of IDS sensors, firewall logs, vulnerability scanners (external/internal), endpoint solutions and the like.
