Advice to CISOs: In its weekend post, the UK’s NCSC said, “Preparation and resilience does not mean just having good defenses to keep out attackers. No matter how good your defenses are, sometimes the attacker will be successful. It also means detecting threat actors when they are using your employees’ legitimate access (or are on your network, or in your cloud services) whilst being able to contain attackers to prevent damage, and to respond and recover when an attack has got through your defenses.”It offered this advice to all organizations, including retailers:
ensure multi-factor authentication is deployed across the organization;enhance monitoring against unauthorized account misuse; for example, looking for ‘risky logins’ within Microsoft Entra ID Protection, where sign-in attempts have been flagged as potentially compromised due to suspicious activity or unusual behavior, especially where the detection type is ‘Microsoft Entra Threat intelligence;’ pay specific attention to domain admin, enterprise admin and cloud admin accounts, and check if access is legitimate; review their help desk password reset processes, including how the help desk authenticates staff members’ credentials before resetting passwords, especially those with escalated privileges; ensure security operation centres can identify logins from atypical sources such as VPN services in residential ranges, through source enrichment and similar;ensure they have the ability to consume techniques, tactics, and procedures sourced from threat intelligence rapidly and the ability to respond accordingly.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3977688/warning-issued-to-retailers-cisos-worldwide-after-three-attacks-in-uk.html
