In the ever-evolving landscape of cybersecurity, it’s evident that we’re no longer facing the hackers of yesteryears but a formidable breed of modern adversaries.
Today’s adversaries demand a disruptive and ruthless response, or businesses risk severe consequences. A recent incident involving the South African Department of Defense serves as a chilling reminder, that a ransomware group publicly flaunted stolen data as proof of their capability. When signs of a threat actor emerge, defenders must act decisively. To counter these threats effectively, organizations need to adopt a multi-faceted approach.
Here are six high-level steps to bolster your cyber defenses:
1. Create Risk-Based Cybersecurity Awareness: In an era of advanced security solutions, adversaries seek the path of least resistance. Unfortunately, that often leads them to exploit the human factor. The weakest link and the most significant attack vector in your defense chain is your workforce. Different departments require varying levels of training due to their interactions with potentially untrusted external parties. Finance, procurement, sales, legal, logistics, PR, and marketing teams are all susceptible to social engineering. IT personnel, holding elevated privileges over critical business systems, demand even more intensive training.
2. Reduce Perimeters: Threat actors are adept at pinpointing weak entry points. You inherently limit their attack surface by reducing your perimeter and minimizing internet-facing systems. Regular hygiene controls and stringent measures can make infiltration costly and complex. Defenders regain control by focusing on making it exceedingly difficult for adversaries to breach their defenses. The age-old concept of massive walls and gates in cybersecurity still holds value, but modern adversaries seek to steal the remote rather than breach the gates – it’s much easier to get in that way.
3. Extend Multi-Factor Authentication Across Your Estate: Multi-factor authentication (MFA) is an indispensable tool that must be extended to all applications, regardless of location (cloud or on-premise). This strategy thwarts cyberattacks even after unauthorized access is obtained. MFA not only restricts movement within your IT estate but also enhances the ability to detect intrusions. Suspicious activity can be flagged early, offering defenders an upper hand.
4. Use Endpoint Detection and Response (EDR): The age of sophisticated administration by modern adversaries demands a shift from traditional malware-focused detection to anomaly and behavior-based approaches. EDR solutions detect anomalies in asset behavior and alert cybersecurity teams promptly. Adversaries often mimic legitimate user actions, rendering standard detection measures inadequate. Behavior-based detection detects abnormalities beyond malicious software, expediting response times.
5. Implement a Multi-Faceted Privileged Access Strategy: Privilege-based access limits the blast radius in case of a breach. By closely monitoring and sealing unauthorized pathways, you confine them to a controlled environment. Role-based access significantly hampers their movement, as each identity is restricted to systems relevant to their function. Even if an adversary gains access, their ability to navigate and cause damage is severely restricted.
6. Deploy a Defense-in-Depth Architecture: A robust defense-in-depth architecture establishes a symbiotic relationship between prevention, detection, and response. An attacker bypassing a specific prevention measure doesn’t equate to a successful compromise. Effective detection and swift response can mitigate the impact. This approach also reduces the blast radius of an attack and limits communication between the threat actor and compromised machines.
The dynamic nature of threats necessitates continuous strategy refinement. While building a robust perimeter is crucial, understanding the modern adversary is equally vital. Their goal is not to breach your defenses but to silently steal the keys to your kingdom.
Incorporating these strategies fortifies your defenses by narrowing attack vectors, bolstering employee awareness, and establishing responsive measures. In the world of cybersecurity, it’s not a matter of if but when an attack will occur. The key lies in being prepared and resilient in the face of adversity.
By Armand Kruger, Head of Cyber Security at NEC XON