Cyber attacks have become an increasingly common threat to organizations around the world, and the recent attack on the All Indian Institute of Medical Sciences (AIIMS) is a powerful reminder of the need for cyber security measures. The attack on AIIMS, which took place on November 23, affected five servers and encrypted 1.3 terabytes of data, causing operational disruption and non-functionality of critical applications. The attack was analyzed by the Indian Computer Emergency Response Team (CERT-In) and was found to have been caused by improper network segmentation.
According to Union Minister for State for Electronics and Information Technology Rajeev Chandrasekhar, the attack was carried out by unknown threat actors. He stated in a written reply to the Parliament that CERT-In and other stakeholders have advised necessary remedial measures to prevent such incidents from happening again in the future.
The number of cyber security incidents in India has been on the rise, with 4.5 million cases being reported and tracked in the last five years, as per Chandrasekhar. This highlights the need for organizations to have robust cyber security measures in place to protect their sensitive information.
The AIIMS attack is a crucial lesson for organizations about the importance of network segmentation. Network segmentation is the practice of dividing a computer network into different segments or sub-networks to improve security and isolate vulnerabilities.
In the case of AIIMS, improper network segmentation allowed the threat actors to gain access to critical servers and data, leading to the attack.
Organizations should conduct regular risk assessments and implement effective network segmentation techniques to prevent cyber threats. This can include firewalls, intrusion detection systems, and network access control, among others. Additionally, organizations should ensure that all devices and systems are kept up-to-date with the latest security patches and software updates.
Another crucial lesson from the AIIMS attack is the importance of having an incident response plan in place. An incident response plan is a documented process that outlines the steps an organization should take in the event of a cyber attack. Having a well-defined incident response plan helps organizations respond to a breach in an organized and efficient manner, minimizing damage and downtime.
Organizations should also invest in cyber security training for their employees, to ensure that they are aware of the latest security threats and are equipped to handle them. This includes providing training on phishing, password protection, and data privacy, among others. Additionally, organizations should encourage employees to report any suspicious activity or incidents, as this can help to identify and resolve cyber threats early on.
In today's complex and ever-evolving threat landscape, organizations also need to have an effective security information and event management (SIEM) solution in place.
A SIEM solution collects and analyzes log data from various sources, such as network devices, servers, and applications, to provide real-time visibility into security events and threats. This information can be used to identify and respond to security incidents, as well as detect and prevent future attacks.
SIEM solutions can help organizations:
- Detect and respond to security incidents in real-time
- Identify potential security threats and vulnerabilities
- Monitor and analyze log data from various sources
- Facilitate compliance with various security regulations and standards
(Read : THREAT HUNTING: METHODOLOGIES, TOOLS, AND TIPS)
In conclusion, organizations must take cyber security seriously and implement a comprehensive security strategy that includes proper network segmentation, regular software and system updates, security audits, employee education, and an effective SIEM solution. By doing so, they can safeguard their systems and information against cyber attacks and ensure the security and confidentiality of sensitive information.