Protect Your Organisation - Know Your Enemy

Digitalisation has been a buzzword for a while, and many organisations have made significant progress towards digitalising the majority of their data and processes. Unfortunately, those digital assets are attractive to cyber criminals, too: they present a considerable cyber risk across a large attack surface. 

With the expansion of the Internet of Things, endpoints are becoming more distributed and diverse, prompting warnings that tomorrow’s attacks might include targets which were previously believed to be secure such as insulin pumps, pacemakers or connected cars. It’s no longer a matter of ‘if’ an attack takes place but ‘when’. Given the frequency, extended attack surface, and the severity of attacks, understanding where potential attacks might come from and how they could affect your organisation is more critical than ever.

Not only are cyber attacks happening at an accelerated pace, they are also becoming increasingly difficult to recover from and carry greater ramifications. The ransomware threat is now endemic, and the rise of crypto currencies has provided the means for cyber criminals to carry out anonymous, risk-free attacks. We’re beginning to witness the dawning of a new age. One where organisations are taking an ‘assume breach’ position and developing solid response and recovery capabilities with incident response, crisis management, and disaster recovery plans alongside their traditional cyber security programmes. 

Although critical, protection technologies are no longer enough. Being able to identify, protect, detect, as well as respond to and recover from threats is imperative: those capabilities form the basis of a comprehensive cyber resilience strategy. Cyber resilience, however, is also about reducing risk – knowing which cyber security events would have the greatest impact on your organisation and prioritising your defence measures accordingly. To improve overall protection, organisations need to know their ‘enemy’, ‘battlefield’, and ‘themselves’. 

Know Your Adversaries

More than just having a degree of familiarity, knowing your enemy is the most difficult aspect. You need a good understanding of the threat actors that are taking an interest in your organisation, and why they see you as a viable target. Gaining this level of knowledge requires answers to: what are their motivation and objectives, what are the tactics, techniques, and procedures (TTPs) used, how are they applicable to your environment, where would the attack most likely take place, and how could it compromise your business, your supply chain, or your customers?

There are several open-source resources available that provide insights into how threat actors operate. The MITRE ATT&CK database provides a library of known adversary tactics and techniques, and provides information on cyber criminals’ behaviour, reflecting the various phases of an attack lifecycle and the platforms they are known to target. The ThaiCERT also provides a useful encyclopaedia of threat actors. For the most up-to-date insights, security vendors monitor cyber criminals and publish their findings. For example, Datto’s Threat Management Cyber Forum provides threat profiles, signatures, and information on threats targeting the MSP community and their SMB customers. 

Know Your Battleground

To fully appreciate your exploitable surface, you need insight into the likelihood of being attacked via a particular attack vector. Organisations first need to evaluate which of their assets have the highest probability of being attacked. Second, they need to determine how valuable these assets are to the company or their customers. 

Being cyber attack ready requires a comprehensive cyber resilience strategy that consists of five components: identify, protect, detect, respond, and recover. Cyber resilience also encompasses reducing risk. Risk is a function of likelihood and adverse impact. For instance, an event that is likely to happen but has minor consequences, presents less overall risk than an event that is deemed unlikely, but would cause significant damage. Knowing which cyber security events would have the greatest impact and prioritising defence measures accordingly is essential to a risk-based approach. 

Know How To protect Yourself

Once you know which cyber criminals are lurking and their preferred battleground, you’re able to simulate their methods to determine where your greatest risks reside and what is needed to mitigate potential risk. By reverse engineering a cyber criminal’s past breaches, you can confidently prioritise and implement the most effective security controls against threat actor specific tactics and techniques. To test your configurations, there are several open-source free tools that emulate specific adversaries, such as Caldera (which leverages the ATT&CK model) or Red Canary’s Atomic Red Team.

Adversary emulation is different from pen testing and red teaming in that it uses a scenario to test a specific adversary’s TTPs. The goal is to determine whether the tactics can be either prevented or detected in your environment. Additionally, it’s important to examine technology, processes, and people to fully understand how your defences work in unison. This process needs to be repeated until you’re confident that you will prevail against this adversary.

Large organisations and MSPs should conduct adversary emulation on a quarterly basis, SMEs at least once a year or whenever there is a major new threat, and for enterprises, a threat-informed defence programme is an ongoing effort. Additionally, at a minimum, all organisations should follow the CIS Critical Security Controls – spending ample time on Implementation Group 1 (IG1).

While the processes may seem overwhelming, improving overall security is imperative and needs to be given the highest priority.

Ryan Weeks is CISO at Datto

You Might Also Read: 

Penetration Testing & Ethical Hackers:

 

 

« CYRIN Enters A Strategic Alliance With Cyber Ireland
Lithuania & Poland Issue Cyber Attack Warnings »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

PrimeKey

PrimeKey

PrimeKey provides organisations with the ability to implement security solutions such as e-ID, e-Passports, authentication, digital signatures, unified digital identities and validation.

Destel

Destel

Destel is a system integrator and provider of IT services focused on Advanced Network & Security Solutions.

National Forensic Sciences University (NFSU) - India

National Forensic Sciences University (NFSU) - India

National Forensic Sciences University is the world’s first and only University dedicated to Digital Forensic and allied Sciences.

Agility Networks

Agility Networks

Agility Networks is a technology company providing integrated services and solutions for Digital Transformation and Cyber Security.

Andreessen Horowitz (a16z)

Andreessen Horowitz (a16z)

Andreessen Horowitz (known as "a16z") is a venture capital firm in Silicon Valley, California that backs bold entrepreneurs building the future through technology.

Lumu Technologies

Lumu Technologies

Lumu is a cybersecurity company that illuminates threats and attacks affecting enterprises worldwide.

Digital Fingerprints

Digital Fingerprints

Digital Fingerprints provides continuous authentication with behavioural biometrics. Protection against account takeover and session takeover. Compliant with GDPR and PSD2.

Carve Systems

Carve Systems

Carve Systems was founded to bring enterprise level information security, training, and risk management services to organizations of any size and industry.

Technology Innovation & Startup Centre (TISC)

Technology Innovation & Startup Centre (TISC)

TISC is a startup incubator at the Indian Institute of Technology Jodhpur (IITJ) and we back deep-tech startups.

TXOne Networks

TXOne Networks

TXOne Networks offer cybersecurity solutions to protect your industrial control systems to ensure their reliability and safety from cyberattacks.

Lupovis

Lupovis

Lupovis is an AI-based deception solution that deploys active decoys turning your network from a flock of sheep to a pack of wolves where the hunter becomes the hunted.

Obrela Security Industries

Obrela Security Industries

Obrela provides security analytics and risk management services to identify, analyze, predict and prevent highly sophisticated security threats in real time.

Buguard

Buguard

Buguard is a multi-award-winning supplier of Application Security Assessments and GRC services.

Wired Assurance

Wired Assurance

Wired Assurance is a testing and assurance company, specialized in software applications and blockchain smart contracts.

Heyhack

Heyhack

Heyhack is a SOC 2 Type II certified automated penetration testing platform for web apps and APIs.

NuKuDo

NuKuDo

NukuDo redefine the boundaries of cybersecurity talent development. We are dedicated to cultivating top-tier professionals equipped to tackle the complex challenges of cybersecurity.