Business Daily Media

Men's Weekly

.

Know your enemy – Thinking like a hacker

  • Written by Ryan Weeks, CISO at Datto

As companies are increasingly digitalising their data and processes and are now having to secure a larger diversity of distributed endpoints. However this then creates many more entry points for cyber threats to breach. Organisations need to transition from a mindset of ‘if’ an attack will take place to ‘when’.

Cyberattacks are taking place at an accelerated pace, becoming increasingly difficult to recover from and posing significant consequences. Given the frequency of attacks, the larger attack surface and the severity of attacks, investment in protection technologies is no longer enough. To be ready for an attack, companies are changing their tactics. They are now taking an ‘Assume Breach’ position, which entails combining their traditional cyber security programmes with robust incident response, crisis management and disaster recovery plans.

While the foundation of a comprehensive cyber resilience strategy encompasses the ability to identify, protect, detect, respond to and recover from threats, it is more about effective risk management. This means identifying which cyber security events would have the greatest impact on the organisation and prioritising defence measures accordingly. To achieve this level of protection, organisations need to understand the hacker, the playing field, and their defences.

Getting into the mind of a hacker

By far, gaining knowledge about the enemy is the most difficult of the three. To start, organisations need to study the threat actors and understand why they view the company as a viable target. In order to gain this level of knowledge, companies need answers to the following questions: what are the cyber criminals’ motives and goals, what are the tactics, techniques and procedures (TTPs) they use, how are the TTPs applicable to the business environment we operate, where would the attack most likely take place based on current defences, and how could it compromise the organisation, the supply chain or customers?

Pinpointing and knowing potential attackers is not easy. Fortunately, there are several open-source resources that provide insights into how cybercriminals operate. To start, the MITRE ATT&CK database provides a library of known adversary tactics and techniques. It provides information on cyber criminals’ behaviour and exposes the various phases of an attack lifecycle and the platforms these threat actors are known to target.

Understanding the playing field

Cyber resilience requires a comprehensive strategy to reduce risk. Basically, the risk is a function of the likelihood of a cyberattack and of it causing various adverse impacts. For instance, an event that is likely to happen but has minor consequences presents less overall risk than an event that is deemed likely but would cause significant consequences.

To truly understand the organisation’s exploitable surface, insight into the likelihood of being attacked via a particular attack vector is fundamental. Organisations first need to evaluate which of their assets have the highest probability of being attacked. Second, they need to determine how valuable these assets are to the company or their customers.

Prepare for battle: Ensure your organisation is cyber-attack ready

With insight into knowing which threat actors are lurking and their preferred attack surface, the organisation is ready to simulate their attack methods to determine where the greatest risks reside and take proactive measures to mitigate potential risk. This is best accomplished by reverse engineering a cyber criminal’s past breaches. The intelligence gained by this exercise enables organisations to prioritise and implement the most effective security controls against specific cybercriminals and their tactics and techniques.

It is important to note that adversary emulation is different from pen testing and red teaming in that it uses predetermined scenarios to test specific adversary TTPs. The goal of this process is to determine whether the tactics can be detected or even prevented. As part of the emulation exercises, it’s also important to examine technology, processes and people. This will provide a comprehensive understanding of how all defences work in unison. Be sure to repeat the testing until there’s a level of confidence that the organisation will prevail against the specific adversary.

How often to perform adversary emulation is dependent on the size and type of company. For instance, large organisations and MSPs should perform this exercise at least on a quarterly basis, SMEs at least once a year or whenever there is a major new threat, whereas for enterprises, a threat-informed defence programme needs to be an ongoing effort. However, there is no such thing as over testing an organisation’s cybersecurity.

While the processes may appear arduous and even overwhelming, it is impossible to build an efficient cyber resilience programme without understanding the methods attackers are going to use. Being ready to combat cyberattacks means thinking like a hacker to improve overall security.

Demand for Home Batteries surges as Federal Rebate Kicks In

A leading provider of energy solutions VoltX Energy has seen a 400% increase in demand for home batteries in the past three weeks as people put d...

Why Sport Remains the Safest Bet in an Uncertain World

When Rome was in crisis, its leaders did not retreat to the Senate. They went to the circus. To the chariot races. To the gladiators. Sport was no...

THE FINE LINE WITHIN HILARIOUS SIGNAGE DESIGN FAILS

It seems like design failures still occur in today’s modern branding era, despite rigorous rounds of approvals behind the scenes. One signage show...

Deputy Announces Exclusive Global Partnership with Predelo to Bring AI to Shift-Based Businesses

Deputy, the global people platform for shift-based businesses, has announced an exclusive partnership with Predelo, an AI Decision Agent-as-a-Serv...

Leftover Budget? The Last-Minute EOFY Tip to Drive Business Success in FY25/26

The countdown is on. With just days left until EOFY, now’s the time to make your remaining 2024–2025 budget work harder and smarter. After workin...

pay.com.au appoints new CEO and Managing Director

The former COO will lead the company’s next growth phase, with ex-CEO Edward Alder transitioning into the role of Managing Director AUSTRALIA, 25...

Sell by LayBy