Short Summary:
The article discusses the challenges faced by security professionals in managing unpredictability in the cyber world. It emphasizes the importance of focusing on controllable factors, conducting risk assessments, leveraging threat modeling, and maintaining open communication with stakeholders. The piece also highlights the role of threat intelligence and tailored strategies for different organizations to enhance cyber resilience.
Key Points:
- Security professionals deal with unknowns and unpredictability in cybersecurity.
- Focus on controllable elements like tools, applications, and services.
- Identify and protect the organization’s “crown jewels.”
- Conduct regular risk assessments and vulnerability scans.
- Utilize threat modeling to understand unique risks.
- Gather threat intelligence to anticipate future threats.
- Different strategies are needed for large vs. small organizations.
- Communication with stakeholders is crucial for managing risks.
- Proactive measures and regular updates can help prepare for crises.
MITRE ATT&CK TTPs – created by AI
- Initial Access – T1078: Utilizing valid accounts to gain access to systems.
- Execution – T1203: Exploiting software vulnerabilities to execute malicious code.
- Persistence – T1547: Establishing persistence through various methods like registry run keys.
- Privilege Escalation – T1068: Exploiting vulnerabilities to gain elevated access to resources.
- Defense Evasion – T1027: Obfuscating malware to evade detection.
- Credential Access – T1003: Stealing credentials through various means, including keylogging.
- Discovery – T1083: Gathering information about the system and network.
- Exfiltration – T1041: Transferring data out of the organization.
- Impact – T1486: Data destruction or manipulation to disrupt operations.
As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it’s impossible to always know what’s around the corner. It’s not just about external threats and the big breaches splashed across the news headlines. On one hand, we’re combating threat actors attempting to steal information, money or simply trying to cause havoc. On the other, we’re trying to better understand employee behaviour amidst the myriad of applications they use on a daily basis; always vigilant for any suspicious activity. And while it certainly makes our jobs interesting, unpredictability runs contrary to how the organisations we protect prefer to operate.
Predicting what’s going to happen in our cyber world is nearly impossible. A greater challenge is explaining this to stakeholders and conveying how difficult it is to get (and stay) one step ahead of threat actors. We’re paid to understand this, yet it can often feel like shooting in the dark when anticipating the next strike.
Senior leadership teams thrive on certainty and predictability. So how do you plan and manage this?
Focus on what you can control
Ultimately, you can only control what’s in front of you: the tools, applications and services the business uses to operate. While this might seem obvious, many people spend a considerable amount of time and energy on things they can’t influence.
Your time is best spent focusing on what’s visible and within reach. Begin by identifying the crown jewels of your organisation — understanding the scope of your environment and what exactly you’re protecting. Then, implement controls and monitor for abnormalities.
Regularly conduct comprehensive risk assessments and vulnerability scans to identify potential weaknesses in your organisation’s IT infrastructure. This helps uncover existing vulnerabilities and potential entry points for cyber threats, particularly in areas where the ‘crown jewels’ are held!
Leverage threat modelling
Threat modelling provides very useful analysis that is unique to your organisation. Various factors determine your threat model, including your industry, the compliance and regulatory regimes you operate under and, finally, your customers. Using your threat model as a guide, you can get a clear picture of the unique risks your business faces and design controls around those. These insights can also inform your approach to tabletop exercises, preparing you for potential incidents.
While predicting a threat actor’s next steps is challenging, gathering and understanding this information through these exercises can enhance your ability to anticipate future threats. After all, identifying unknowns is crucial.
With a clear focus on what you’re protecting, you’re now able to analyse and draw learnings from past events, which is often a good predictor of future occurrences. While threat actors are often portrayed as volatile and unpredictable (and this is true in some cases), they’re only human – and humans are creatures of habit. Recognizing patterns in their behaviour can provide valuable insights.
This is where threat intelligence gathering is extremely useful. Make sure you stay informed about the latest cyber threats and attack trends by monitoring reputable sources of threat intelligence. Placing yourself in a position to better understand the trends and patterns that have occurred in the past may help you better predict the types of threats or vulnerabilities your organisation could be subject to in the future.
How Rapid7 can help – Threat Command
Threats can come from any direction. Rapid7’s Threat Command scans the clear, deep, and dark webs for potential dangers before they affect your organisation. It provides contextualised alerts on threats affecting your business, proactively researching malware, tactics, techniques, and procedures (TTPs), phishing scams, and other threat actors. Threat Command replaces point solutions with an all-in-one external threat intelligence, digital risk protection, indicators of compromise (IOCs) management, and remediation solution.
Proactive profiling
Conducting risk assessments, vulnerability scans and gathering threat intelligence helps you to understand the ‘cyber profile’ of your organisation. This preparation helps you anticipate the types of threats typically used against similar-sized organisations or those in your industry. Trends and patterns emerge; for example, our Ransomware Data Disclosure Report found that internal financial data was leaked 71% of the time in the healthcare and pharmaceutical sectors — more than in any other industry, including financial services.
Tailored strategies for different organisations
Threat actors focus on ‘big fish’ because they’re often newsworthy and recognizable – threat actors have egos too! Large organisations should consider strong encryption and network segmentation to contain potential threats. Prioritise data types for additional protection.
For smaller organisations, where an online presence is critical but the public profile is lower, backup and recovery are essential in case systems are locked or shut down. Ensure software and systems are up to date with the latest security patches to prevent threats exploiting known vulnerabilities. Automate this process to keep it off the to-do list.
Building a detailed picture of your data and crown jewels allows you to reduce risks and build cyber resilience, identifying potential unknowns along the way.
How Rapid7 can help – Managed Detection and Response
Managed Detection and Response (MDR) services accelerate your team’s incident-response capabilities with an end-to-end service. Acting as a seamless extension of your team, our experts monitor your business 24/7/365. They leverage proprietary technology and analytics to keep your business safe against advanced threats. You can also gain access to our award-winning VRM technology to perform unlimited scans of your in-scope environment to spot vulnerabilities before they’re exploited by threat actors.
Communication is key
But don’t forget — communication is key. Organisations crave predictability, and cybersecurity can often appear to be a ‘black box’ to those unfamiliar with it. Transparent lines of communication and regular updates mean you can paint a clear picture of the potential risks that could impact your business (not to mention the business benefits of investing in security).
Proactivity is essential. With so much happening in our field, it can be tempting to simply react and respond to what’s going on around us. However, holding weekly updates with your stakeholders and keeping them informed of your work will make managing a crisis more bearable. This way, if something unpredictable happens, it won’t be a complete surprise, and you’ll be better prepared to manage both the incident and your senior leaders.
Source: Original Post