There will be an avalanche of these kinds of articles over the next few days. Unless they’re written by Twitter’s incident response team, I’d be wary of attaching too much importance to them, especially if a vendor is involved. Having said that, my company sells some tools that would help ;)…:
[…] First, it’s beyond late to get proactive with your cyber-hygiene. According to the Cyber Threat Alliance, a group that facilitates information sharing among cyber-security professionals, start by tightening up cyber-security protocols with remote workers.
Then, don’t make the mistake of assuming all cyber-attacks come from outside your organization. So many companies overemphasize external attacks and overlook risks associated with attacks from within, Ramos said.
Start by learning about how vulnerable your internal controls are. That can be done with internal penetration testing, in which a consultant tests and evaluates your internal controls, assesses them for vulnerabilities, and recommends solutions.
Gidi Cohen, CEO of Skybox Security, a cyber-security and compliance vendor, says companies should apply “the principle of least privileges, limiting access to only those who absolutely need it, and monitoring to ensure access policies continue to be adhered to as the network lives and breathes. It limits the risk of who can be manipulated or exploited for the cyber-criminal’s gains.”
In the case of the Twitter hack, each employee that has access to this internal tool should be asking a supervisor for permission each time they access it. These access points should be continuously monitored to determine which employees are accessing them, Ramos said.
If a cyber-attack occurs, bring in a forensics team that can track all the places a hacker moved through your system—to determine not only what they stole, but what they left behind.
“You don’t want to let them easily get back into your system,” Ramos said.
Ramos said he would not recommend monitoring the employees themselves, due to privacy concerns. Instead, create a robust monitoring system that watches access points to key control systems. The system should fire off an alert if the access point is improperly accessed—be it from an outside attack or from an unauthorized employee.
There are lots of great tools that can monitor your system for possible attacks.