Preventing user-based attacks

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 09 May 2016

ITWeb Security Summit 2016

Meet Craig Everson, EMEA Technical Director, Rapid7, at the ITWeb Security Summit 2016 on 17 and 18 May. He will discuss the Anatomy of a User-Based Attack and Incident Response.

Today, an enormous percentage of business is conducted via the Internet on a multitude of devices and platforms. End users share more information than ever and connect to numerous outside networks, increasing the potential attack surface exponentially.

At the same time, cyber criminals are opportunistic, going for the low-hanging fruit. Each day, they invent new ways of exploiting their victims, through sophisticated malware, phishing and social engineering attacks, all of which are aimed at the weakest link in the security chain - the end user.

Craig Everson, EMEA technical director at Rapid7, defines a user-based attack as any attack that involves a user for the initial compromise or breach of a network. "This could either be a valid internal user that has been the victim of a phishing or social engineering attack to compromise their credentials, or a disgruntled internal employee escalating their privileges or moving laterally to extract and exfiltrate sensitive or valuable company information."

Everson will be presenting on the 'Anatomy of a user-based attack and incident response' at the ITWeb Security Summit 2016 at Vodacom World from 17 to 19 May.

He says there are many ways to try to prevent these forms of attack, ranging from security awareness training for users through to various best practice security controls being put in place. "Unfortunately there does not appear to be any silver bullet that will prevent these attacks from being successful, as many of the recent high-profile breaches have shown."

Craig Everson, EMEA technical director at Rapid7.

It is therefore crucial to ensure the correct detection and investigation controls are in place to detect and contain these attacks more quickly when they occur, explains Everson. "Mitigating these types of attacks requires a combination of prevention and detection controls and technologies."

Delegates who attend Everson's presentation can expect to gain insights into the current state of the incident detection and investigation landscape, methods for preventing attacks and the necessary building blocks for creating an effective incident detection and response programme.

All materials are based on the extensive experience gained by the Rapid7 Analytic Response Team, who have vast knowledge and experience dealing with various customer breaches, he concludes.