Protect Your Organisation - Know Your Enemy

Uploaded on 2022-02-23 in TECHNOLOGY--Resilience, TECHNOLOGY--Hackers, FREE TO VIEW

Digitalisation has been a buzzword for a while, and many organisations have made significant progress towards digitalising the majority of their data and processes. Unfortunately, those digital assets are attractive to cyber criminals, too: they present a considerable cyber risk across a large attack surface. 

With the expansion of the Internet of Things, endpoints are becoming more distributed and diverse, prompting warnings that tomorrow’s attacks might include targets which were previously believed to be secure such as insulin pumps, pacemakers or connected cars. It’s no longer a matter of ‘if’ an attack takes place but ‘when’. Given the frequency, extended attack surface, and the severity of attacks, understanding where potential attacks might come from and how they could affect your organisation is more critical than ever.

Not only are cyber attacks happening at an accelerated pace, they are also becoming increasingly difficult to recover from and carry greater ramifications. The ransomware threat is now endemic, and the rise of crypto currencies has provided the means for cyber criminals to carry out anonymous, risk-free attacks. We’re beginning to witness the dawning of a new age. One where organisations are taking an ‘assume breach’ position and developing solid response and recovery capabilities with incident response, crisis management, and disaster recovery plans alongside their traditional cyber security programmes. 

Although critical, protection technologies are no longer enough. Being able to identify, protect, detect, as well as respond to and recover from threats is imperative: those capabilities form the basis of a comprehensive cyber resilience strategy. Cyber resilience, however, is also about reducing risk – knowing which cyber security events would have the greatest impact on your organisation and prioritising your defence measures accordingly. To improve overall protection, organisations need to know their ‘enemy’, ‘battlefield’, and ‘themselves’. 

Know Your Adversaries

More than just having a degree of familiarity, knowing your enemy is the most difficult aspect. You need a good understanding of the threat actors that are taking an interest in your organisation, and why they see you as a viable target. Gaining this level of knowledge requires answers to: what are their motivation and objectives, what are the tactics, techniques, and procedures (TTPs) used, how are they applicable to your environment, where would the attack most likely take place, and how could it compromise your business, your supply chain, or your customers?

There are several open-source resources available that provide insights into how threat actors operate. The MITRE ATT&CK database provides a library of known adversary tactics and techniques, and provides information on cyber criminals’ behaviour, reflecting the various phases of an attack lifecycle and the platforms they are known to target. The ThaiCERT also provides a useful encyclopaedia of threat actors. For the most up-to-date insights, security vendors monitor cyber criminals and publish their findings. For example, Datto’s Threat Management Cyber Forum provides threat profiles, signatures, and information on threats targeting the MSP community and their SMB customers. 

Know Your Battleground

To fully appreciate your exploitable surface, you need insight into the likelihood of being attacked via a particular attack vector. Organisations first need to evaluate which of their assets have the highest probability of being attacked. Second, they need to determine how valuable these assets are to the company or their customers. 

Being cyber attack ready requires a comprehensive cyber resilience strategy that consists of five components: identify, protect, detect, respond, and recover. Cyber resilience also encompasses reducing risk. Risk is a function of likelihood and adverse impact. For instance, an event that is likely to happen but has minor consequences, presents less overall risk than an event that is deemed unlikely, but would cause significant damage. Knowing which cyber security events would have the greatest impact and prioritising defence measures accordingly is essential to a risk-based approach. 

Know How To protect Yourself

Once you know which cyber criminals are lurking and their preferred battleground, you’re able to simulate their methods to determine where your greatest risks reside and what is needed to mitigate potential risk. By reverse engineering a cyber criminal’s past breaches, you can confidently prioritise and implement the most effective security controls against threat actor specific tactics and techniques. To test your configurations, there are several open-source free tools that emulate specific adversaries, such as Caldera (which leverages the ATT&CK model) or Red Canary’s Atomic Red Team.

Adversary emulation is different from pen testing and red teaming in that it uses a scenario to test a specific adversary’s TTPs. The goal is to determine whether the tactics can be either prevented or detected in your environment. Additionally, it’s important to examine technology, processes, and people to fully understand how your defences work in unison. This process needs to be repeated until you’re confident that you will prevail against this adversary.

Large organisations and MSPs should conduct adversary emulation on a quarterly basis, SMEs at least once a year or whenever there is a major new threat, and for enterprises, a threat-informed defence programme is an ongoing effort. Additionally, at a minimum, all organisations should follow the CIS Critical Security Controls – spending ample time on Implementation Group 1 (IG1).

While the processes may seem overwhelming, improving overall security is imperative and needs to be given the highest priority.

Ryan Weeks is CISO at Datto

You Might Also Read: 

Penetration Testing & Ethical Hackers:

 

 

« CYRIN Enters A Strategic Alliance With Cyber Ireland
Lithuania & Poland Issue Cyber Attack Warnings »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Acunetix

Acunetix

Acunetix is a leading web vulnerability scanner, widely acclaimed to include the most advanced SQL injection and XSS black box scanning technology.

Azeti Networks

Azeti Networks

Azeti Networks is a global provider of IoT technology to a variety of verticals including telecomms, oil/gas, manufacturing, finance and healthcare.

Ivanti

Ivanti

Ivanti provide user-centered IT solutions designed to increase user productivity while reducing IT security risk.

Exatel

Exatel

Exatel is Poland’s leading provider of ICT security services.

Ellipsis Technologies

Ellipsis Technologies

Ellipsis Technologies is a diversified technology company that develops innovative security software for websites and online applications.

Cycuity

Cycuity

Cycuity (formerly Tortuga Logic) is a cybersecurity company that is transforming the way we secure silicon with comprehensive hardware security assurance.

Cyan Securiy Group

Cyan Securiy Group

Cyan provide best-in-class cyber security solutions for mobile Internet and mobile devices that are extremely effective and highly intuitive in their use.

TechRate

TechRate

Techrate is an analytics agency focused on blockchain technology and engineering. Or expertise includes security and technical audits of projects.

Zero Networks

Zero Networks

With Zero Network, you can achieve affordable, airtight network access security at scale.

BotGuard

BotGuard

BotGuard provides a service to protect your website from malicious bots, crawlers, scrapers, and hacker attacks.

CyberKnight Technologies

CyberKnight Technologies

CyberKnight Technologies is a cybersecurity focused value-added-distributor (VAD) headquartered in Dubai and covering the Middle East.

Guidepost Solutions

Guidepost Solutions

Guidepost Solutions are a diverse, global team of investigators, experienced security and technology consultants, and compliance and monitoring experts.

Cybertech Nepal

Cybertech Nepal

Cybertech Nepal is committed to provide high-quality cyber security solutions, including server assessment and hardening, forensics and malware analysis, end-point threat analysis, and VAPT.

Stacklok

Stacklok

Stacklok are an Open Source first security company enabling safe Open Source Software consumption.

Auxilion

Auxilion

Auxilion is an award-winning provider of consulting and IT support services, technologies and consulting for public and private organisations in the UK and Ireland.

Lintu Solutions

Lintu Solutions

Lintu Solutions is a trusted provider of comprehensive cybersecurity and enterprise risk management solutions.