There are a variety of attackers across the modern cyber threat landscape, and enterprises need to look through the eyes of all such attackers to be cyber-secure.
While enterprise security teams may be experts at repelling low-level threats, the reality is that they remain at risk against sophisticated adversaries. News of ransomware attacks and data breaches dominates the headlines every day. Attackers take ample time to research and analyze their target’s entire security environment before launching an attack. To become more effective against advanced cyber threats, security organizations need to be proactive rather than reactive, anticipating the attacker’s movements before the damage is done.
To do so, they must think like an attacker – understand the targets, loopholes, capabilities, and techniques.
Know the attackers and the threats
To create a proactive security posture, firms need a full understanding of the tactics, techniques, and procedures (TTPs) adversaries use to attack their systems. This can be achieved by operationalizing threat frameworks, which help to visualize how attackers progress through the kill chain. They also show which tactics attackers are using and what alternative tactics they have as backup. By leveraging external and internal threat intelligence, these threat actions can be prioritized based on their prevalence, maneuverability, applicability, and visibility of the adversary action.
Cyber threat frameworks provide enterprises with a risk-based method of assessing and analyzing defensive capabilities through the eyes of the attacker. This gives defenders a precise evaluation of the risks they are exposed to and an analysis of their current overall security, which they can use to plan and improve their defensive strength.
Fight on the terms of the business and not of the attackers
The reactive, fire-drill mode in which many cybersecurity teams operate will not repel sophisticated attackers, who are increasingly leveraging automation and machine learning to accelerate attacks and evade detection.
Firms must fight on their own terms rather than the cyber attacker’s. Instead of waiting for the adversary to present themselves, defenders need to be ready to fight them. Using threat-based frameworks, firms need to evolve their posture to engage the attacker in the initial stages of the cyber kill chain. Firms should act before the malicious code is deployed, network devices are compromised, or critical data is exfiltrated.
Denying advantage to the adversary
In the initial stages of a cyberattack, when attackers perform recon of the environment to identify potential avenues of attack, they move stealthily because they fear being detected. The objective for defenders should be to place multiple obstacles between the attacker and their target. These obstacles could include response capabilities, automated detection, and preventative defenses mapped to the threat-based assessments of the attacker. By using decoys to anticipate adversary TTPs during the early attack stages (infiltration, recon, and lateral movement), the security team can promptly detect the problem and avoid long dwell times.
In most cases, by the time a firm realizes it is under attack, the attacker has already established the advantage. Firms need to put themselves in the shoes of the attackers to view the attack surface through their eyes. This will help them expose the attacker’s assumptions and weaknesses to mitigate the effects of an attack or to prevent it altogether.