Kevin R. Brock, a leading cybersecurity expert and the FBI’s former Principal Deputy Director, National Counterterrorism Center and Assistant Director for Intelligence, in a recent Forbes article stated –
“The impacts of cyber intrusions and disruptions are much greater and often devastatingly public—bringing to bear significant risk to company reputation, shareholder value and creating an entire new set of liabilities. Historically, the management of this risk has been delegated down in the organization. Current studies still show that upper management in most companies is rarely briefed on cyber threats.” (http://www.forbes.com/sites/christopherskroupa/2014/07/15/company-cyber-resilience-or-cyber-attack-choose-one/)
When working with PeopleSoft customers to help them understand their security risks, we often find that these organizations believe they are better protected than they actually are.
Our advice? Stop being reactive. Be proactive.
Correct preparation makes incidents far easier to resolve. Detailed and specific event-driven logging can alleviate some of the frustrations. Within the PeopleSoft application stack, it is often difficult to understand what users are doing after the fact. Sometimes effective dated pages make that easier, but nothing can replace a great logging solution.
Case in point….a user gets phished and the attacker then impersonates that user to update data within the PeopleSoft application. It might be easy to see the one row the attacker updated, but what about the data the attacker just looked at? How would you like to definitively answer what that attacker did?
Correct preparation would give you these answers – all the components, pages, and records that attacker saw. Yes, that’s right – know what the attacker accessed. Correlate by times, IP address or other information that you choose to log.
How about another scenario in which a professor travels abroad, accesses their personal data and updates an address? Later on in the day the organization is attacked from the country visited. The security staff at the University wants validation of the transaction(s). With the right logging this is an easy question to definitively answer – a quick resolution to a false positive.
Detailed, specific, event driven, customizable logging designed for your business processes greatly simplifies incident response.
The costs of resolving an incident continue to increase.
Our advice? Minimize the risks by being proactive with your security.