Editorial

Is there more that can be done to secure your network?

Robert di Schiavi, head of cyber security at Parliamentary and Health Service Ombudsman writes his second guest blog for Think Digital Partners, this time on creating an offensive security approach to bolster your existing defensive strategy

Posted 28 February 2023 by Matt Stanley


If you are anything like me, you will be continuously fixated on what more can be done to prevent intrusions into your network. If so, do not treat this as a sign of being poorly prepared, but rather as a sign that you are engaged in proactive analysis of your environment. Ironically, attackers will be taking the same approach!

As we head into March, if you are considering adding cyber resilience to your organisation’s portfolio, I would suggest an offensive security approach to bolster your existing defensive strategy. By staying informed about potential risks and vulnerabilities and responding appropriately to mitigate them, you will automatically advance your reporting metrics.

Cyber threat intelligence, continuous scanning, and offensive security-led threat modelling are three critical tools that can be used to create cyber resilience. I believe organisations must understand the importance of these tools and integrate them into their cybersecurity strategy to reduce the risks associated with networks and data.

Cyber threat intelligence involves gathering and analysing information about potential cyber threats and attackers in order to anticipate and prevent attacks before they occur. By monitoring the threat landscape and staying up to date on the latest tactics and techniques used by cybercriminals, organisations can better protect themselves against potential attacks. Cyber threat intelligence also involves identifying and analysing cyber threat indicators to help detect and respond to cybersecurity incidents quickly.

Continuous scanning is another crucial tool in creating cyber resilience and is a particular architectural component of the secure-by-design guiding principles. It involves regularly scanning an organisation’s network and systems for vulnerabilities and weaknesses that attackers could exploit. By mitigating vulnerabilities promptly, organisations can reduce the risk of a successful attack. Continuous scanning should be an ongoing process and should include vulnerability assessment, penetration testing, and network and system monitoring.

Offensive security-led threat modelling proactively identifies potential vulnerabilities in an organization’s systems and applications. It involves taking an attacker’s perspective and simulating potential attacks to identify weaknesses that could be exploited. Organizations can proactively identify and mitigate potential risks by conducting threat modelling exercises. Offensive security-led threat modelling should be conducted regularly and should involve all stakeholders, including developers, system administrators, and cybersecurity professionals.

I believe the importance of these tools cannot be overstated, and organisations that fail to implement them are at risk of suffering cybersecurity incidents. For example, in 2013, Target suffered a massive data breach that exposed millions of customers’ personal and financial information. The breach occurred due to a vulnerability in Target’s payment system that allowed hackers to install malware on the company’s point-of-sale machines. Target was heavily criticised for its lack of cybersecurity measures, including a failure to detect the malware that had been installed on its payment systems. If Target had implemented continuous scanning and offensive security-led threat modelling, it might have identified the vulnerability in its payment system and taken steps to mitigate the risk before the breach occurred.

Another example is the WannaCry ransomware attack that occurred in 2017. The attack infected over 300,000 computers in 150 countries, causing massive disruption to businesses and governments worldwide. The attack exploited a vulnerability in Microsoft Windows that had been identified by the National Security Agency (NSA) and later stolen by a group of hackers. The attack could have been prevented if organizations had implemented timely patching and vulnerability management practices, including continuous scanning to identify and remediate any vulnerabilities. Cyber threat intelligence could have also been used to monitor for any indications that the vulnerability had been exploited by cybercriminals.

The SolarWinds supply chain attack in 2020 is another example of the importance of these tools. The attack targeted the software company SolarWinds, which provides network management software to many large organizations. The attack involved hackers compromising SolarWinds’ software development system and inserting a backdoor into the company’s Orion software updates. This attack highlights the importance of cyber threat intelligence, which can help organizations stay informed about potential supply chain attacks and other emerging threats. Offensive security-led threat modelling could also be used to identify potential vulnerabilities in software development processes and supply chains.

In conclusion, organizations that implement these tools are better placed to protect themselves from cybersecurity threats. By taking a proactive approach to cybersecurity and staying up to date on the latest threats and vulnerabilities, organizations can identify potential risks and take appropriate actions to mitigate them.

Robert di Schiavi (Sherlock) will be speaking at our Think Cybersecurity for Government virtual conference on April 27th. You can register to attend here.
