Skillsoft Blog

8 Ways to Halt Cyber-Attacks

February 9, 2021 | by Amanda Papavasiliou

Recent Cyber-attacks 2020

Known cyber-attacks are well documented and understood. The MITRE ATT&CK framework, a Web-based database, identifies 291 unique tactics. Many tactics are repeated by known adversary groups because they work. Detecting intruders is a difficult business, and intrusions often go unreported for months.

We accept as reality that cyber-criminals spend every waking hour inventing new, more damaging methods of doing harm. The simple truth is that nearly 80% of all attacks are known tactics repeated by identified adversaries. Once inside, invaders avoid detection and move laterally.

Detecting invaders requires a combination of expertise, process and tools, and steadfast vigilance. Sadly, the majority of intrusions go undetected until after the damage has been done.

How confidently can you answer these questions about your organization if a cyber-attack goes undetected?

  • What is at stake if the news of your attack goes viral?
  • Will you be able to compete effectively after losing customer trust?
  • Can you survive a loss of intellectual property?
  • Are you protected from hackers and malware contaminating your data?
  • Does everyone in your organization know they are responsible for cybersecurity?

At stake is your brand image and company reputation. Trust is a function of data integrity and confidentiality and not easily restored. Losing intellectual property can tip your balance sheet into a tailspin. Everyone in your organization is responsible for detecting cyber-crimes and developing the skills to be a successful security champion.

Detecting cyber-crimes and developing security skills

Stopping bad habits and closing windows of exposure won’t make detecting intruders any easier, but it will reduce the vulnerabilities and the number of attacks. Below are 8 things to stop doing that will improve cybersecurity:

#1

STOP assuming everything is safe:

For too long, we have accepted weaknesses in the software supply chain. We must be more diligent about pressuring the supply chain to demonstrate proof that third-party software has undergone deep security scrutiny.

#2

STOP fighting the last war:

The SolarWinds attack from Russia occurred because security experts were looking for a different tactic that was deployed successfully in the past. We clamped down on hackers while the state-supported adversaries implanted malware and evaded detection.

#3

STOP creating opportunities for harmful SQL injections:

Web forms are a favorite entry point for intruders, who insert SQL commands rather than the requested information into seemingly benign forms. Undetected, invaders can access underlying databases and make malicious changes to data or SQL commands. SQL injection is one of the oldest invasions that still works unchecked.
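The difference between a form handler that invites this and one that does not, shown as an added example that is not part of the original post. The table, sample rows and function names are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    """In-memory table with constructed sample rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (email TEXT, notes TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)", [
        ("alice@example.com", "gold tier"),
        ("bob@example.com", "trial"),
        ("carol@example.com", "renewal due"),
    ])
    return db

def lookup_concatenated(db, form_value):
    # Weak: the form value becomes part of the SQL text, so the database
    # parses whatever was typed into the field as SQL.
    sql = "SELECT email, notes FROM customers WHERE email = '" + form_value + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, form_value):
    # Corrected: the statement text is fixed and the form value is bound
    # as data, so quotes and keywords in it are never parsed as SQL.
    sql = "SELECT email, notes FROM customers WHERE email = ?"
    return db.execute(sql, (form_value,)).fetchall()

def row_counts(db, form_value):
    """Rows returned by each handler; None means the query failed to parse."""
    try:
        weak = len(lookup_concatenated(db, form_value))
    except sqlite3.OperationalError:
        weak = None
    return weak, len(lookup_parameterized(db, form_value))

if __name__ == "__main__":
    db = make_db()
    for value in ("alice@example.com",      # ordinary input
                  "x' OR '1'='1",           # SQL typed into the field
                  "o'neil@example.com"):    # legitimate apostrophe
        print(repr(value), row_counts(db, value))
```

The concatenated handler returns every row for the second input and fails outright on a legitimate address containing an apostrophe; the parameterized handler treats both as plain data.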

#4

STOP skipping security patches and updates:

Fixes are often the consequence of vulnerabilities discovered during attacks. The difficult detection work has already been done for you. Apply fixes and updates without delay. They aren’t optional.

#5

STOP using 3rd party APIs without security acceptance testing:

Similar to #1 above: APIs are the most attacked code and expose back-end systems and Web browsers.

#6

STOP configuring Cloud deployments without adequate security policies:

The public cloud is safe with extensive security infrastructure. However, transitioning to the Cloud doesn’t mean an end to security concerns. All the basic principles of security still apply.

#7

STOP rapid-fire deployment of new software releases without protected CI/CD (continuous integration/continuous delivery) DevOps processes:

Detecting attacks is more difficult when new releases push live weekly, daily, or even hourly. Protecting Cloud systems is an example of the intersection of people, policy, and technology.

#8

STOP assuming compliance with standards like NIST (National Institute of Standards and Technology) is the same as adopting security principles:

Both are valuable but serve different objectives.

The SolarWinds attack was a wake-up call, unlike anything we’ve ever seen before. It was a Cyber Pearl Harbor. Fighting back hinges on better prevention and detection of cyber-attacks. Stopping practices that invite intruders is a good place to start.
