For years, the IT service desk has been evaluated on how quickly an incident is resolved. For most purposes this is ideal, because a quickly resolved incident gets users back to work, boosting overall productivity and improving the bottom line. However, in an age of constant assault on databases and infrastructure, a quick resolution can leave blind spots in security that expose you to further compromise. Hackers and IT departments are playing a sort of poker game, watching each other and trying to decide how and when to play the next hand. Here is why, when it comes to security, a fast resolution can sometimes be your worst enemy.
Modern Security is About Getting the Bigger Picture
The new age of hacking involves complex attacks that combine known malware with custom-made malware. When the IT help desk identifies and shuts down a known piece of malware, it throws away the most important evidence for tracking the larger-scale attack. For this reason, the better response is often not to remove every piece of malware the moment it is identified. IT gets a much clearer picture of the wider attack by sitting back and watching how the malware behaves within the system.
For example, when a known piece of malware is identified, resist the urge to wipe it. Watch it and note what other malware or software it interacts with and which resources it touches, such as files within the database. Also determine whether it is communicating with an external domain, which can tell you where the attack is coming from. It is much like observing how your poker opponent acts with a full house versus a pair of 6s.
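As an added illustration, not code from the original post, here is a small Python script that performs the kind of passive observation just described from endpoint telemetry, without touching the host itself. Given a detection on one process, it gathers the files that process and its child processes read, separates internal (RFC 1918) network destinations from external ones, records the DNS names looked up, and flags any other process that contacts the same external endpoints, which is a candidate for an undetected component of the same attack. The log format, hostnames, process IDs, file paths, domain and IP addresses are all constructed for the example.

```python
import ipaddress
import json

# Constructed sample endpoint telemetry (not real data). One event per line:
# "<timestamp> <host> <pid> <event> key=value ..."
SAMPLE_EVENTS = [
    "2024-01-01T10:00:01Z ws-042 4410 detect family=KnownDropper image=/tmp/upd.bin",
    "2024-01-01T10:00:05Z ws-042 4410 file_read path=/home/a/Documents/customers.db",
    "2024-01-01T10:00:07Z ws-042 4410 net_connect dst=10.0.5.20:1433",
    "2024-01-01T10:00:09Z ws-042 4410 dns query=updates.example.invalid",
    "2024-01-01T10:00:10Z ws-042 4410 net_connect dst=203.0.113.77:443",
    "2024-01-01T10:00:12Z ws-042 4410 proc_spawn child_pid=5120 image=/bin/sh",
    "2024-01-01T10:00:15Z ws-042 5120 file_read path=/srv/finance/q4.xlsx",
    "2024-01-01T10:00:20Z ws-042 7001 net_connect dst=203.0.113.77:443",
    "2024-01-01T10:01:00Z ws-099 3333 net_connect dst=198.51.100.9:80",
]

# Only RFC 1918 ranges and loopback count as "internal" here; everything else
# is treated as an external destination worth investigating.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_event(line):
    """Split one telemetry line into its fixed fields plus key=value attributes."""
    ts, host, pid, event, *rest = line.split()
    attrs = dict(tok.split("=", 1) for tok in rest)
    return {"ts": ts, "host": host, "pid": int(pid), "event": event, "attrs": attrs}


def is_internal(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)


def related_pids(events, host, root_pid):
    """The detected process plus everything it spawned, transitively, on that host."""
    pids = {root_pid}
    changed = True
    while changed:
        changed = False
        for ev in events:
            if ev["host"] == host and ev["event"] == "proc_spawn" and ev["pid"] in pids:
                child = int(ev["attrs"]["child_pid"])
                if child not in pids:
                    pids.add(child)
                    changed = True
    return pids


def observe(lines, host, root_pid):
    """Summarise what a detected process family touched and who else talks to its peers."""
    events = [parse_event(line) for line in lines]
    pids = related_pids(events, host, root_pid)
    files, internal, external, domains = set(), set(), set(), set()
    for ev in events:
        if ev["host"] != host or ev["pid"] not in pids:
            continue
        a = ev["attrs"]
        if ev["event"] == "file_read":
            files.add(a["path"])
        elif ev["event"] == "dns":
            domains.add(a["query"])
        elif ev["event"] == "net_connect":
            ip, _, _port = a["dst"].rpartition(":")
            (internal if is_internal(ip) else external).add(a["dst"])
    # Any other process, on any host, reaching the same external endpoints is a
    # candidate for an undetected piece of the same campaign.
    peers = set()
    for ev in events:
        if ev["event"] == "net_connect" and ev["attrs"]["dst"] in external:
            if not (ev["host"] == host and ev["pid"] in pids):
                peers.add((ev["host"], ev["pid"]))
    return {
        "related_pids": sorted(pids),
        "files": sorted(files),
        "internal_dests": sorted(internal),
        "external_dests": sorted(external),
        "domains": sorted(domains),
        "other_processes_same_dest": sorted(peers),
    }


def find_detections(lines):
    """(host, pid, family) for every 'detect' event, the starting points for observation."""
    return [(ev["host"], ev["pid"], ev["attrs"].get("family", "?"))
            for ev in map(parse_event, lines) if ev["event"] == "detect"]


if __name__ == "__main__":
    for host, pid, family in find_detections(SAMPLE_EVENTS):
        print(f"== {family} on {host} pid {pid}")
        print(json.dumps(observe(SAMPLE_EVENTS, host, pid), indent=2))
```

Run against the sample data, the detection on pid 4410 expands to its child shell, shows reads of two sensitive files, one internal database connection, one external endpoint, one DNS lookup, and a second, undetected process on the same host talking to the same external address; that last line is exactly the evidence a wipe-on-sight response would have destroyed.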
Never make the assumption that a single piece of malware is just a simple attack. Always assume that any glitch or quirk is part of a bigger attack until you can prove without a doubt that there is nothing larger and more sinister afoot. This way, you never get caught by surprise.
Quick Resolution Exposes Your Vulnerabilities
Another reason to watch and learn about an attack before shutting it down is that a quick shutdown exposes your weak spots. Hackers are becoming more sophisticated about their attacks. They watch to see what gets through your security systems versus what you detected and eliminated. Removing malware the moment it appears tells the hackers what is and isn't working. They then keep using the malware that goes undetected and hone their attack to your detriment. Or they keep throwing you malware you can identify and remove, to keep you busy while they get in another way. Removing identified malware immediately is like showing your poker hand right before the betting begins.
Adopt a new stance when dealing with what appears to be a simple glitch or ordinary piece of known malware. Sit back. Observe. Identify. Once you have a true picture of the scale and nature of the attack, throw down those four Aces and shut the hackers down entirely.