Protect Your Organisation - Know Your Enemy

Digitalisation has been a buzzword for a while, and many organisations have made significant progress towards digitalising the majority of their data and processes. Unfortunately, those digital assets are attractive to cyber criminals, too: they present a considerable cyber risk across a large attack surface. 

With the expansion of the Internet of Things, endpoints are becoming more distributed and diverse, prompting warnings that tomorrow’s attacks might include targets which were previously believed to be secure such as insulin pumps, pacemakers or connected cars. It’s no longer a matter of ‘if’ an attack takes place but ‘when’. Given the frequency, extended attack surface, and the severity of attacks, understanding where potential attacks might come from and how they could affect your organisation is more critical than ever.

Not only are cyber attacks happening at an accelerated pace, they are also becoming increasingly difficult to recover from and carry greater ramifications. The ransomware threat is now endemic, and the rise of crypto currencies has provided the means for cyber criminals to carry out anonymous, risk-free attacks. We’re beginning to witness the dawning of a new age. One where organisations are taking an ‘assume breach’ position and developing solid response and recovery capabilities with incident response, crisis management, and disaster recovery plans alongside their traditional cyber security programmes. 

Although critical, protection technologies are no longer enough. Being able to identify, protect, detect, as well as respond to and recover from threats is imperative: those capabilities form the basis of a comprehensive cyber resilience strategy. Cyber resilience, however, is also about reducing risk – knowing which cyber security events would have the greatest impact on your organisation and prioritising your defence measures accordingly. To improve overall protection, organisations need to know their ‘enemy’, ‘battlefield’, and ‘themselves’. 

Know Your Adversaries

More than just having a degree of familiarity, knowing your enemy is the most difficult aspect. You need a good understanding of the threat actors that are taking an interest in your organisation, and why they see you as a viable target. Gaining this level of knowledge requires answers to: what are their motivation and objectives, what are the tactics, techniques, and procedures (TTPs) used, how are they applicable to your environment, where would the attack most likely take place, and how could it compromise your business, your supply chain, or your customers?

There are several open-source resources available that provide insights into how threat actors operate. The MITRE ATT&CK database provides a library of known adversary tactics and techniques, and provides information on cyber criminals’ behaviour, reflecting the various phases of an attack lifecycle and the platforms they are known to target. The ThaiCERT also provides a useful encyclopaedia of threat actors. For the most up-to-date insights, security vendors monitor cyber criminals and publish their findings. For example, Datto’s Threat Management Cyber Forum provides threat profiles, signatures, and information on threats targeting the MSP community and their SMB customers. 

Know Your Battleground

To fully appreciate your exploitable surface, you need insight into the likelihood of being attacked via a particular attack vector. Organisations first need to evaluate which of their assets have the highest probability of being attacked. Second, they need to determine how valuable these assets are to the company or their customers. 

Being cyber attack ready requires a comprehensive cyber resilience strategy that consists of five components: identify, protect, detect, respond, and recover. Cyber resilience also encompasses reducing risk. Risk is a function of likelihood and adverse impact. For instance, an event that is likely to happen but has minor consequences, presents less overall risk than an event that is deemed unlikely, but would cause significant damage. Knowing which cyber security events would have the greatest impact and prioritising defence measures accordingly is essential to a risk-based approach. 

Know How To protect Yourself

Once you know which cyber criminals are lurking and their preferred battleground, you’re able to simulate their methods to determine where your greatest risks reside and what is needed to mitigate potential risk. By reverse engineering a cyber criminal’s past breaches, you can confidently prioritise and implement the most effective security controls against threat actor specific tactics and techniques. To test your configurations, there are several open-source free tools that emulate specific adversaries, such as Caldera (which leverages the ATT&CK model) or Red Canary’s Atomic Red Team.

Adversary emulation is different from pen testing and red teaming in that it uses a scenario to test a specific adversary’s TTPs. The goal is to determine whether the tactics can be either prevented or detected in your environment. Additionally, it’s important to examine technology, processes, and people to fully understand how your defences work in unison. This process needs to be repeated until you’re confident that you will prevail against this adversary.

Large organisations and MSPs should conduct adversary emulation on a quarterly basis, SMEs at least once a year or whenever there is a major new threat, and for enterprises, a threat-informed defence programme is an ongoing effort. Additionally, at a minimum, all organisations should follow the CIS Critical Security Controls – spending ample time on Implementation Group 1 (IG1).

While the processes may seem overwhelming, improving overall security is imperative and needs to be given the highest priority.

Ryan Weeks is CISO at Datto

You Might Also Read: 

Penetration Testing & Ethical Hackers:

 

 

« CYRIN Enters A Strategic Alliance With Cyber Ireland
Lithuania & Poland Issue Cyber Attack Warnings »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Micron Technology

Micron Technology

Micron is a global leader in the semiconductor industry providing memory and secure storage devices for Networks, Mobile devices and IoT applications.

Oodrive

Oodrive

Oodrive is the first trusted European collaborative suite allowing users to collaborate, communicate and streamline business with transparent tools that ensure security.

Secmentis

Secmentis

Secmentis is a cyber security consultancy specializing in penetration testing, threat intelligence, and proactive defense for your IT infrastructure.

Cyber Resilient Energy Delivery Consortium (CREDC)

Cyber Resilient Energy Delivery Consortium (CREDC)

CREDC performs multidisciplinary R&D in support of the Energy Sector Control Systems Working Group’s Roadmap of resilient Energy Delivery Systems (EDS).

Tenzir

Tenzir

Tenzir's primary focus lies on network forensics: the systematic investigation of cyber attacks with big data analytics.

AU10TIX

AU10TIX

AU10TIX’s smart forensic-level ID authentication technology links physical and digital identities, meets compliance mandates, and ensures your customers know their trust and safety come first.

CYBER.ORG

CYBER.ORG

CYBER.ORG's goal is to empower educators as they prepare the next generation to succeed in the cyber workforce of tomorrow.

Infopercept Consulting

Infopercept Consulting

Infopercept is a leading cybersecurity company in India, providing a critical layer of security to protect business information, infrastructure & assets across the organization.

Rezonate

Rezonate

Rezonate discovers, profiles, and protects Identities and their entire access journey to cloud infrastructure and critical SaaS applications. Preventing and stopping cyberattacks.

Flotek

Flotek

Flotek is an IT & Comms service provider delivering SMEs with trusted, innovative and cost effective cloud technology, with confidence, clarity and clout.

ZILLIONe

ZILLIONe

ZILLIONe is one of Sri Lanka´s top enterprise technology solutions providers.

Global Resilience Federation (GRF)

Global Resilience Federation (GRF)

GRF builds, develops and connects security information sharing communities for mutual defense.

Denodo

Denodo

Denodo transforms the way organizations operate by unifying their data assets in real time and making data ubiquitous and secure to all users and business applications.

AI or Not

AI or Not

AI or Not - Leverage AI to combat misinformation and elevate the landscape of compliance solutions.

Getvisibility

Getvisibility

Getvisibility enables customers to detect, classify and protect sensitive information increasing data security, governance, compliance and lowering the risk of losing valuable data.

Orca Fraud

Orca Fraud

Orca is an AI-driven fraud orchestration platform. We empower fraud fighters to outpace fraud using our custom ML models.