Boost Your Organization's Digital Immunity


Analyst Opinion

  • Cybersecurity is a topic that practically every company must tackle
  • Driven by an increasing awareness of risks and threats, the market for cybersecurity solutions is growing fast
  • Whilst it was common to dismiss cybersecurity as a task for the IT department, it is now increasingly becoming part of top-level strategic planning
  • The COVID-19 crisis forced many companies to reduce or delay investments, including in cybersecurity
  • At the same time, the strong shift to mobile working and the rise in cyberattacks have given the market new impetus
  • The market is expected to keep growing strongly, albeit at a lower rate than in the past, as spending shifts toward more targeted investments
  • North America is the dominant region in this market, and the largest segment is IT Services.
ELEMENTS OF AN EFFECTIVE DEFENSE 

  • What is the goal of an effective cyberdefense? 
  • Simply stated, the goal is to take the onus of perfection off of the defender and push it back onto the attacker, where it belongs
  • With an ineffective cyberdefense, the defender has to do everything perfectly to protect the enterprise
  • With an effective cyberdefense, the attacker has to do everything perfectly to attack the enterprise 
Defensive techniques that are particularly effective at disrupting, detecting, delaying, and defeating common attacks include the following: 
  • Network segmentation 
  • Strong authentication 
  • Detection 
  • Incident response 
  • Resiliency
EFFECTIVE DEFENSIVE TECHNIQUE 1—NETWORK SEGMENTATION
Network segmentation 
  • It is the oldest effective defensive technique
  • It has been used for decades to protect classified military and civilian networks
  • It is not absolute: the Stuxnet attack demonstrated that even isolated, air-gapped networks can be reached (in that case via removable media), so segmentation must be paired with monitoring rather than treated as a guarantee
Segmentation and network isolation
  • They make the attackers’ job orders of magnitude more difficult than attacking a monolithic, fully connected, and unmonitored internal network
  • In legacy networks, Internet-facing DMZ servers are isolated, but everything else is in a single “trusted zone.” 
  • In fully segmented networks, each major function is isolated from the others. 
In general, the network segmentation model should be as follows: 
  • Nested, so that an attacker must breach one boundary after another (the cyber-castle analogy of concentric walls) 
  • Integrated into the enterprise security scope architecture, with the scopes derived from the enterprise's risk assessments
  • Systems in different security scopes should be segmented from each other at the network layer
  • Between network segments, the enterprise should deploy its full range of network protection capabilities, such as firewalls, IDS/IPS sensors, network recorders, and data leakage protection technologies 
Well-segmented networks
  • Allow legitimate network traffic to follow straightforward patterns that are easy to protect
  • Allow traffic to follow patterns that can be monitored, so security can recognize and respond to malicious patterns
  • The best defense is the one that detects the attackers and alerts defenders so they can respond
EFFECTIVE DEFENSIVE TECHNIQUE 2—STRONG AUTHENTICATION
Traditional authentication 
  • Consists of a username and password 
  • Relatively easy for an attacker to obtain, for example through phishing, password reuse, or leaked credential dumps 
Strong authentication 
  • Involves users proving who they are over a network or on enterprise computers by combining something they have with something they know 
  • Requires the attacker to physically steal or clone the token used as the second factor (the caveat being that second factors delivered as codes, such as SMS or one-time passwords, can still be phished, whereas hardware authenticators that check the origin of the request cannot be relayed as easily)

Is strong authentication foolproof?
  • Absolutely not. It is subject to "session hijacking", where attackers first take control of the user's computer, then wait for the user to complete a legitimate logon and ride that authenticated session to send their own commands 
  • Overall it still significantly reduces the odds of a user's credentials being used without the user's consent or knowledge
  • Segmentation protects security scopes (and business functions) from each other
  • Network security methods can detect attacker attempts to move laterally across the segmented network
  • Strong authentication coupled with solid network segmentation contributes to an effective cyberdefense 
EFFECTIVE DEFENSIVE TECHNIQUE 3—DETECTION
  • In many cases, an enterprise may not care if an attacker gains control of a single enterprise system or a single user account from the Internet or even inside the environment—particularly over a short period of time
What makes these attacks insidious is the following: 
  • If the attacks are allowed to progress for hours, days, weeks, or months, undetected and unchecked 
  • If attackers gain control of the enterprise's systems administration infrastructure, from which every other system can be reached 
  • If the enterprise simply blocks attackers, they will continue to pound on the enterprise's defenses over time until they can get around the block
  • Given enough time, attackers will eventually defeat every obstacle the enterprise can put in their way 
  • Design enterprise controls to focus on detecting adversary activity first, and only then on preventing it. In other words, follow the Audit First Design Methodology.
  • Just as a minefield is most effective when the mines are arranged in haphazard, unpredictable patterns, an enterprise’s detective controls are most effective when they are somewhat arbitrary and hard to predict
Simple, but effective, detection rules include the following: 
  • On a segmented network: detect port and network scans that extend from one segment into the next
  • On a segmented network: detect systems administration protocols such as Secure Shell (SSH) or Remote Desktop (RDP) when the session originates from a server, since servers rarely have a legitimate reason to administer other machines 
  • For privileged accounts: send administrators a daily report showing every computer where their accounts were used, along with an admonition to report any use they do not recognize 
Alert 
  • On the use of network administration or scanning tools such as ping or traceroute from workstations
  • On the use of highly privileged network or service accounts on machines outside of the datacenter
  • On changes to static web content on Internet-facing servers
  • On outbound web connections, other than patch downloads, from Internet-connected servers
  • On protocol anomalies in standard Internet protocols such as the Domain Name System (DNS) or the Simple Mail Transfer Protocol (SMTP)
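The detection rules above, implemented as an added example that is not code from the original page or from the referenced Study Guide. It runs four of the rules over constructed flow and authentication records: cross-segment scans, SSH/RDP sessions originating from servers, privileged accounts used outside the datacenter, and the daily per-administrator host report. The segment plan (10.10.0.0/16 workstations, 10.20.0.0/16 servers, 10.30.0.0/24 datacenter admin), the privileged-account list, the scan threshold and every log line are assumptions made for this example.

```python
"""Detection rules for a segmented network, run over constructed sample logs.
The segment plan, privileged-account list, threshold and every log line are
assumptions for this example, not data from any real enterprise."""
import ipaddress
from collections import defaultdict

# Hypothetical segment plan: one network per major function (assumption).
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "servers": ipaddress.ip_network("10.20.0.0/16"),
    "datacenter-admin": ipaddress.ip_network("10.30.0.0/24"),
}
DATACENTER = {"servers", "datacenter-admin"}   # where privileged accounts belong
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}         # systems administration protocols
PRIVILEGED = {"svc-backup", "domain-admin"}    # hypothetical privileged accounts
SCAN_THRESHOLD = 10  # distinct (host, port) pairs one source touches in a foreign segment

# Constructed flow records, "timestamp src dst dport": a workstation sweeps
# twelve server hosts on port 445, a server opens SSH to another server, and
# two workstations make ordinary HTTPS connections to a server.
FLOW_LOG = [f"2024-05-01T09:00:{i:02d} 10.10.5.7 10.20.1.{i} 445" for i in range(1, 13)] + [
    "2024-05-01T09:10:00 10.20.1.5 10.20.1.9 22",
    "2024-05-01T09:11:00 10.10.5.8 10.20.1.20 443",
    "2024-05-01T09:12:00 10.10.5.9 10.20.1.20 443",
]
# Constructed authentication records, "timestamp user host result".
AUTH_LOG = [
    "2024-05-01T08:00:00 svc-backup 10.20.1.5 success",
    "2024-05-01T08:30:00 domain-admin 10.30.0.4 success",
    "2024-05-01T09:05:00 svc-backup 10.10.5.7 success",  # service account on a workstation
    "2024-05-01T10:00:00 alice 10.10.5.7 success",
]

def segment_of(ip):
    """Name of the segment an address lives in, or 'unknown' for anything else."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), "unknown")

def parse_flows(lines):
    """Split whitespace-separated flow records into dicts; the port becomes an int."""
    rows = [dict(zip(("ts", "src", "dst", "dport"), line.split())) for line in lines]
    for row in rows:
        row["dport"] = int(row["dport"])
    return rows

def parse_auths(lines):
    """Split whitespace-separated authentication records into dicts."""
    return [dict(zip(("ts", "user", "host", "result"), line.split())) for line in lines]

def detect_cross_segment_scans(flows, threshold=SCAN_THRESHOLD):
    """Rule: one source touching many (host, port) pairs in a segment other than its own."""
    touched = defaultdict(set)
    for f in flows:
        target = segment_of(f["dst"])
        if target != segment_of(f["src"]):
            touched[(f["src"], target)].add((f["dst"], f["dport"]))
    return [{"rule": "cross-segment-scan", "src": src, "segment": seg, "count": len(pairs)}
            for (src, seg), pairs in touched.items() if len(pairs) >= threshold]

def detect_admin_protocols_from_servers(flows):
    """Rule: SSH or RDP sessions whose source is a server, not an administrator's machine."""
    return [{"rule": "admin-protocol-from-server", "src": f["src"], "dst": f["dst"],
             "proto": ADMIN_PORTS[f["dport"]]}
            for f in flows if f["dport"] in ADMIN_PORTS and segment_of(f["src"]) == "servers"]

def detect_privileged_outside_datacenter(auths, privileged=PRIVILEGED):
    """Rule: a privileged account used on a machine outside the datacenter segments."""
    return [{"rule": "privileged-outside-datacenter", "user": a["user"], "host": a["host"]}
            for a in auths if a["user"] in privileged and segment_of(a["host"]) not in DATACENTER]

def daily_admin_report(auths, privileged=PRIVILEGED):
    """Per-administrator list of hosts where the account was used, for the daily report."""
    hosts = defaultdict(set)
    for a in auths:
        if a["user"] in privileged:
            hosts[a["user"]].add(a["host"])
    return {user: sorted(h) for user, h in hosts.items()}

def run_all(flow_lines=FLOW_LOG, auth_lines=AUTH_LOG):
    """Run every rule over the given records and return the alerts grouped by rule."""
    flows, auths = parse_flows(flow_lines), parse_auths(auth_lines)
    return {
        "scans": detect_cross_segment_scans(flows),
        "admin_from_servers": detect_admin_protocols_from_servers(flows),
        "privileged_outside": detect_privileged_outside_datacenter(auths),
        "report": daily_admin_report(auths),
    }

if __name__ == "__main__":
    for name, hits in run_all().items():
        print(name, hits)
```

On real data the segment map comes from the enterprise's security scope model rather than a hard-coded dictionary, and the scan threshold and the server-to-server SSH rule need tuning: configuration management and backup servers often do open SSH to other servers, so those sources belong on an allow list rather than in the alert stream, which keeps the rule's output small enough that someone actually reads it.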
EFFECTIVE DEFENSIVE TECHNIQUE 4—INCIDENT RESPONSE
  • Some cyberattackers penetrate cyberdefenses no matter how well the defenses are designed, implemented, or maintained
Detecting cyberattackers is not going to save an enterprise if it does not have anyone: 
  • Responding to those alerts
  • Investigating them to filter out false positives and identify the real attacks
  • Repelling those attacks so that business can continue 
Incident response can be done by 
  • An enterprise response team that is always on standby
  • A third party who is kept on retainer or otherwise engaged
  • It is critical that the enterprise performs incident response to repel attacks when they occur and send the attackers back to their starting points
EFFECTIVE DEFENSIVE TECHNIQUE 5—RESILIENCY

  • Perhaps the most important property of an effective cyberdefense is resiliency. “Resiliency is the enterprise’s ability to withstand attacks that successfully compromise endpoints, servers, and accounts without those attacks resulting in the attackers gaining complete control. ” 
Resiliency means the following: 
  • Defenders have the ability to respond dynamically to cyberattacks by containing, remediating, or isolating them 
  • The attacker's plan is disrupted, and defenders gain time and room to maneuver in response to the attack 
Resiliency includes the ability to: 
  • Rapidly rebuild compromised servers or endpoints
  • Reset user credentials and obtain detailed logs of the activity of accounts that may have been compromised
  • Rapidly restore data or applications from backups that are known to be good and free of infection or malware
  • Isolate sections of the enterprise, or even the entire enterprise, from the Internet so attackers lose the ability to control their foothold 
  • Resiliency gives defenders options in an incident response (that is, agility) that makes it possible for defenders to outmaneuver their attackers
  • Defenders can take control of the situation, achieve rapid containment, and remediate incidents before adversaries gain administrative control and complete their objective



References 

Donaldson, S., Siegel, S., Williams, C., Aslam, A. (2018). Enterprise Cybersecurity Study Guide: How to Build a Successful Cyberdefense Program Against Advanced Threats.

https://www.insightassessment.com/article/cyber-security-starts-with-critical-thinking  

https://www.statista.com/outlook/tmo/cybersecurity/worldwide#revenue  

https://www.enisa.europa.eu/publications/enisa-threat-landscape-2021  



#DigitalTransformation
#Digitalization
#Digitization
#Transformation
#Training
#DigitalTransformation
#Digitalization
#Training
#EnterpriseArchitecture
#Security
#InformationSecurity
#Innovation
#ArtificialIntelligence
