Lessons learnt from the Lakeland attack
Last Friday, the British kitchenware store Lakeland suffered a major data breach that involved two encrypted databases. To make things worse, the company doesn’t know if data was compromised or what data was involved.
Greg Day, VP and CTO EMEA, FireEye, comments on why this should be a wake-up call for all companies, no matter what size. The Lakeland attack highlights some key issues that all companies need to be aware of:
1. Typically there is still the perception that APTs are aimed at government and global companies; this attack validates that all industries and market sizes are being targeted.
2. With the depth and complexity of today’s IT, organizations struggle to keep pace from a security perspective. Companies need to start looking at the problem from another angle – all too often we over-focus on preventing attacks, but companies are starting to recognize that breaches will occur, which means we need to:
- Understand the what, where and how – gather up the forensic data to identify the indicators of compromise that help us understand.
- Gain insight into the who and why – by looking at data such as the communications and callback points we can often glean some insight into the motive of the attacker.
3. If we accept that a compromise can happen, we have to start to look at what is an unacceptable loss. For most this is intellectual property, be it customer personally identifiable information or company-unique IP. Either way, businesses need to identify what, where and how that data is being used. As such, when an incident occurs they can understand from the indicators of compromise data which systems have been impacted and look back to solutions such as DLP logs to see what data was touched and potentially exfiltrated.
4. Whilst companies continue to focus on prevention, we all too commonly see that they have weak or sometimes no incident response process. Very typically, post-incident they will engage experts to help them review or write a response process. If you look at the last 12-18 months, we have seen a real explosion in companies, be they consulting firms or security vendors, providing incident response services, as too many companies realize they do not have the skills or expertise to respond alone.