Monday, 4 July, 2022
IT Security Guru

Cybersecurity Is an Ever-Changing Battlefield

by The Gurus
June 17, 2020
in This Week's Gurus

Just like combat operations, cyber operations change on a second-to-second basis. To effectively combat an insurgency, organisations must move towards an intelligence-driven operations centre. In this ever-changing battlefield, internal and external threat intelligence are now crucially important to combating attackers.

Even as a steady drumbeat of headlines keeps the world’s attention focused on cybercrimes, such as ransomware and cryptojacking, in the dark corners of the internet, attackers are busy refining their craft. Cyber attackers are honing their ability to remain undetected inside the enterprises they’ve breached, and evolving their attacks to counter defenders’ response efforts.

Business leaders can no longer get by thinking an attack won’t happen to them. Attacks that were once reserved for sophisticated campaigns have become an everyday reality. Most organisations remain woefully unprepared to combat such attacks, with the majority yet to create and implement proactive incident response plans, continuing instead to lean heavily on outdated legacy antivirus and firewall tools for protection.

IT leaders need to understand the ever-shifting landscape of their environment. In a tactical sense, this can be best facilitated in an automated fashion by collecting and using the proper telemetry and intelligence. A strategic understanding of your environment will be key to driving a winning strategy, starting with these fundamental factors:

  • Time – How much time does your staff have? What is the delta in dwell time of the last adversary?
  • Money – What is your security budget?
  • Equipment – What tools do you have? Are they integrated?
  • Culture – What’s the culture of your organisation?
  • Attackers – How are they attacking you and for what aim?

The war for our systems is now upon us and it’s time we adopt new ways of thinking about and addressing the problem. We need to think less like law enforcement and soldiers and more like an insurgent.

Counterinsurgency in cyberspace manifests shared risk. We must discreetly observe the adversary and suppress their activity as we force them to become resource constrained.

According to our Quarterly Incident Response Threat Report (QIRTR), counterinsurgency is playing out in a number of ways:

Nearly half (46%) of incident response professionals say they’ve experienced instances of counter incident response, another concerning sign that attackers have become increasingly sophisticated and are initiating longer-term campaigns — as well as a clear signal that incident response must get stealthier.

Nearly 60% of attacks now involve lateral movement, which means attackers aren’t just going after one component of an organisation. They’re getting in, moving around and seeking more targets as they go. Of note, 100% of respondents say they’ve seen PowerShell used for attempted lateral movement.

A growing number of hackers won’t stop at a single network — they’re after your clients’ partner and customer infrastructure as well. A full 36% of our respondents say they see attacks where the victim was primarily used for island hopping.

Intrusion suppression is a viable architectural model whose core tenet is whether you can detect, deceive, divert, contain, and hunt an adversary without the adversary's knowledge. We must dig at the roots of the insurgency's footprint on our networks and begin the hunt.

As military strategist Sun Tzu advised, “Be extremely subtle, even to the point of formlessness. Be extremely mysterious, even to the point of soundlessness. Thereby you can be the director of the opponent’s fate.”

The commercial cyber equivalent of that would be: identities, data, systems, applications and communications. Ask yourself, “Is my list of identities accurate? How do I ensure no unauthorised identities have been added or privileges have been escalated?” For example, is your list of data updated manually or automatically, and how do you know a change has been made?

For too long, we have relied on Lockheed Martin’s Kill Chain to understand and predict attacker behaviour. This framework does not account for the psychology of the adversary, nor does it truly dig into the tactical phenomena associated with the phases of attack. We would suggest embracing a new, predictive model, one which takes into account the intent and cognition of a cybercriminal – a framework that studies the threat behaviours (a.k.a. the modus operandi) of elite hacker crews and allows you, as the defender, to anticipate and suppress the contemporary phases of a cyberattack.
