Putting in place security controls and processes and adopting a defence-in-depth approach are the key ways to reduce your exposure to a cyber attack.
According to a Government document, “Common Cyber Attacks: Reducing The Impact”, preventing, detecting or disrupting the attack at the earliest opportunity limits the business impact and the potential for reputational damage.
The report claimed that there are “effective and affordable ways” to reduce your organisation’s exposure to the more common types of cyber attack on systems that are exposed to the internet, and named these as:
- Boundary firewalls and internet gateways to establish network perimeter defences, block access to known malicious domains and prevent users’ computers from communicating directly with the internet;
- Malware protection to establish and maintain malware defences to detect and respond to known attack code;
- Patch management to patch known vulnerabilities with the latest version of the software, to prevent attacks which exploit software bugs;
- Whitelisting and execution control to prevent unknown software from being able to run or install itself;
- Secure configuration to restrict the functionality of every device, operating system and application to the minimum needed for business to function;
- Password policy to ensure that an appropriate password policy is in place and followed;
- User access control, including limiting normal users’ execution permissions and enforcing the principle of least privilege.
It also recommended security monitoring, user training and awareness and security incident management if your organisation is likely to be targeted by a more technically capable attacker.
The report divided the stages of attack into four categories of mitigation – survey, delivery, breach and affect. For the survey stage, it recommended user training, education and awareness, as well as secure configuration to minimise the information that Internet-facing devices disclose about their configuration and software versions, and to ensure they cannot be probed for any vulnerabilities.
The delivery options available to an attacker can be significantly diminished by applying and maintaining a small number of security controls, which are even more effective when applied in combination, it said.
In terms of mitigating the breach, it said that the ability to successfully exploit known vulnerabilities can be effectively mitigated with just a few controls, which are best deployed together. “All commodity malware depends on known and predominately patchable software flaws,” it said. “Effective patch management of vulnerabilities ensures that patches are applied at the earliest opportunity, limiting the time your organisation is exposed to known software vulnerabilities.”
Malware protection, particularly within the internet gateway, and secure configuration were the recommendations here, as they can remove unnecessary software and default user accounts, and can also ensure that default passwords are changed and that any automatic features that could immediately activate malware are turned off.
Finally, mitigating the affect stage means that if all the measures for the survey, delivery and breach stages are consistently in place, the majority of attacks using commodity capability are likely to be unsuccessful.
“However, if your adversary is able to use bespoke capabilities then you have to assume that they will evade them and get into your systems,” it said. “Ideally, you should have a good understanding of what constitutes ‘normal’ activity on your network, and effective security monitoring should be capable of identifying any unusual activity.”
The report said that the threat of attack is ever present as new vulnerabilities are released and commodity tools are produced to exploit them, and doing nothing is no longer an option. “Protect your organisation and your reputation by establishing some basic cyber defences to ensure that your name is not added to the growing list of victims,” it said.