Yesterday, it was reported that a suspected cyber attack has paralysed computer networks at three broadcasting organisations and two banks in South Korea. The organisations’ networks had been “partially or entirely crippled”, with some banking services, including ATMs, also affected.
The cause of the problems remains unknown, and South Korean authorities are “now trying to determine the cause of the network paralysis”. No government-related computer networks had been affected. Officials stated that it was not yet known whether North Korea was involved, but South Korean Defence Ministry spokesman Kim Min-seok said, “We do not rule out the possibility of North Korea being involved.”
South Korea is one of the world’s most technically aware societies and is often described as ‘The World’s Most Wired’ country. It is therefore especially critical for its organisations to have a deep understanding of their own IT systems. That understanding ensures not only that their networks are adequately protected, but also that, should they be attacked (which seems inevitable in today’s era of cyber attacks), any damage is minimised in real time and evidence of the attack is properly captured.
Whatever caused yesterday’s network problems is still unclear, but it managed to infiltrate systems to the point of “crippling” them. This indicates that these organisations lacked the visibility required to monitor their IT systems effectively and to identify and remediate anomalous network behaviour in real time.
Organisations need to continually monitor, in real time, all of the log data generated by all of their IT assets, because that data is where the evidence of all network activity lies. Doing so lets them detect and respond to suspicious or unauthorised behaviour the instant it takes place. Not only does this log data help firms identify intrusions before any lasting damage is done, it also provides vital forensic evidence about how and why these attacks happened in the first place.
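As an added illustration of the kind of real-time monitoring described above (example code written for this page, not from any vendor or from the affected organisations), the following detector replays a constructed heartbeat log in an assumed `timestamp host=... status=...` format, raises an alert when more than half of the known assets fall silent within two minutes, and attaches the most recent raw lines to the alert as forensic evidence:

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed line format (not a real product's format): "YYYY-MM-DD HH:MM:SS host=<name> status=<state>"
LINE_RE = re.compile(r"^(\S+ \S+) host=(\S+) status=(\S+)$")

class SilenceMonitor:
    """Tracks the latest log line per asset and alerts once a large share of
    assets stop reporting, keeping recent raw lines as evidence for forensics."""

    def __init__(self, silence_after=timedelta(seconds=120), share=0.5, evidence=20):
        self.silence_after = silence_after      # no line for this long => asset counts as silent
        self.share = share                      # fraction of silent assets that triggers an alert
        self.last_seen = {}                     # host -> datetime of its most recent line
        self.evidence = deque(maxlen=evidence)  # rolling buffer of raw lines for the analyst
        self.alerts = []
        self.alarm = False                      # suppress repeat alerts while the condition persists

    def ingest(self, line):
        m = LINE_RE.match(line.strip())
        if not m:
            return None  # unparseable line; a real pipeline would count and retain it
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        self.last_seen[m.group(2)] = ts
        self.evidence.append(line.strip())
        return self.check(ts)

    def check(self, now):
        """Evaluate at time `now`. A timer must also call this: a paralysed network sends no events."""
        if not self.last_seen:
            return None
        silent = sorted(h for h, t in self.last_seen.items() if now - t > self.silence_after)
        crossed = len(silent) / len(self.last_seen) >= self.share
        if crossed and not self.alarm:
            self.alarm = True
            alert = {"at": now, "silent": silent, "evidence": list(self.evidence)}
            self.alerts.append(alert)
            return alert
        if not crossed:
            self.alarm = False
        return None

# Constructed sample: four assets report every minute, then at 14:00 only web-01 keeps reporting.
SAMPLE_LOG = [
    f"2013-03-20 13:{mm}:00 host={h} status=up"
    for mm in ("57", "58", "59") for h in ("atm-01", "atm-02", "core-db", "web-01")
] + [f"2013-03-20 14:0{s}:00 host=web-01 status=up" for s in range(4)]

def replay(lines):
    """Feed lines in order and return the alerts raised."""
    mon = SilenceMonitor()
    for line in lines:
        mon.ingest(line)
    return mon.alerts
```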
The other serious issue is that there remains an enormous amount of uncertainty surrounding the origins of the attack. Without confirmation of the source of a cyber attack, inaccurate finger-pointing can and often does occur, and given the current diplomatic tensions between South and North Korea, this can lead to unwanted military involvement.
As such, further forensic analysis of the breach is required, but this cannot be achieved with traditional point security solutions such as anti-virus or firewall tools. A holistic IT security strategy built on the continuous monitoring of IT networks provides the network visibility and intelligent insight that such deep forensic analysis requires. Only with this depth of network visibility can organisations ensure that cyber attacks are effectively mitigated and accurately attributed to the correct perpetrators.