COI for SingHealth cyberattacks: Officer took initiative to investigate even though it was not his job
Among the witnesses who took the stand on Tuesday (Sep 25) was IHiS officer Chai Sze Chun, who was commended by Solicitor-General Kwek Mean Luck for being alert and taking the initiative to investigate the incident, even though it was not his job to do so.
Read more at https://www.channelnewsasia.com/news/singapore/coi-singhealth-cyberattacks-officer-took-initiative-not-his-job-10753282
If 2 piece of security elements are in place - this attack will have been prevented and detected early.
(1) If SIEM (Security Incident and Event Management) piece is installed - it will straight away detected anomaly activities when hackers try illegal way of scanning, accessing and trying to breach the network - because the SIEM will be able to correlate all security activities collected from all the network and security devices - and form a picture of security breaches - in the very 1st day when hackers enter.
(2) 2 factor authentication enforced on all administrators login to manage servers, database, systems, network and security devices - will have prevented hackers from breaching the password of the administrator as even if admin id and password are stolen, without 2FA, hackers cannot steal the data from the database.
SIEM will eliminate the suspicion that security breaches has happen like what is reported here - as it will map out :- (1) the overall graphical pictures of how the breaches has occured (2) what has been breached - including the date, the time -- based on all the syslog, security logs collected from the network and monitored by the SIEM.
In fact, based on the SIEM reports - escalation can be made with certainty to the senior management and the CSA - as there is no need for the various administrators of different devices to do their own investigation of suspected breaches - as the SIEM provide the overall view as well as how, when, what the breaches occur.
Based on the previous and current report of how the hackers breach the network - the hackers though skillful - but can still be tauted by good security design, correct security implementation and good security practices.
It is not as fearful as thought to be ---- as correct security implementation can stop the hacking.
Last but not least (1) by enforcing lockdown jump host that can administer database, server, network and security devices will also have prevented hackers from hijacking a SCM server in remote site to do unauthorised SQL activities like issuing raw SQL commands to steal the data from database enmass.
No comments:
Post a Comment