8 Ways to Halt Cyber-Attacks

Known cyber-attacks are well documented and understood. The MITRE Attack Framework, a Web-based database, identifies 291 unique tactics. Many tactics are repeated by known adversary groups because they work. Detecting intruders is difficult business and intrusions often go unreported for months.

We accept as reality that cyber-criminals spend every waking hour inventing new, more damaging methods of doing harm. The simple truth is that nearly 80% of all attacks are known tactics repeated by identified adversaries. Once inside, invaders avoid detection and move laterally.

Detecting invaders requires a combination of expertise, process and tools, and steadfast vigilance. Sadly, the majority of intrusions go undetected until after the damage has been done.

• What is at stake if the news of your attack goes viral?
• Will you be able to compete effectively after losing customer trust?
• Can you survive a loss of intellectual property?
• Are you protected from hackers and malware contaminating your data?
• Does everyone in your organization know they are responsible for cybersecurity?

At stake is your brand image and company reputation. Trust is a function of data integrity and confidentiality and not easily restored. Losing intellectual property can tip your balance sheet into a tailspin. Everyone in your organization is responsible for detecting cyber-crimes and developing the skills to be a successful security champion.

Stopping bad habits and closing windows of exposure won’t make detecting intruders any easier, but it will reduce the vulnerabilities and the number of attacks. Below are 8 things to stop doing that will improve cybersecurity:

For too long, we have accepted weaknesses in the software supply chain. We must be more diligent about putting pressure on the supply chain to demonstrate proof of deep security scrutiny from third-party software.

The SolarWinds attack from Russia occurred because security experts were looking for a different tactic that was deployed successfully in the past. We clamped down on hackers while the state supported adversaries implanted malware and evaded detection.

Web forms are a favorite entry point for intruders to insert SQL commands rather than requested information into seemingly benign forms. Undetected, invaders can access underlying databases and, make malicious changes to data or SQL commands. SQL injections are one of the oldest invasions that still works unchecked.

Fixes are often the consequence of vulnerabilities discovered during attacks. The difficult detection work has already been done for you. Apply fixes and updates without delay. They aren’t optional.

Similar to #1 above, APIs are the most attacked code. and expose back-end systems / Web browsers.

The public cloud is safe with extensive security infrastructure. However, transitioning to Cloud doesn’t mean the end to security concerns. All the basic principles of security still apply.

Detecting attacks is more difficult when new releases push live weekly, daily, or even hourly. Protecting Cloud systems is an example of the intersection of people, policy, and technology.

Both are valuable but perform different objectives.

The SolarWinds attack was a wake-up call, unlike anything we’ve ever seen before. It was a Cyber Pearl Harbor. Fighting back hinges on better prevention and detection of cyber-attacks. Stopping practices that invite intruders is a good place to start.

• Cross-organizational literacy in adversary tactics and techniques.
• DevSecOps fundamentals to integrate security responsibilities into every job role.
• Hands-on experience identifying security threats by industry and job role at a Cyber Range or practice lab.

• An Executives Guide to Security: Understanding Security Threats
• Aspire Journey: Security Analyst to Security Architect
• Secure Agile Programming: Agile Techniques
• Cloud Security Fundamentals: Cloud Application Security
• Penetration Testing Fundamentals
• Aspire Journey: Security Threat Intelligence