10 Ways to Prepare for Cyber-Warfare
Winning the cyber-war is not a one-time event—it requires constant vigilance and a collective approach that encompasses prevention, detection and response.
Fundamental to winning the cyber-war is the visibility that lets you see and understand your entire enterprise. More than half of today’s organizations report lacking the visibility to see where and when attacks hit.
By continuously recording all endpoint activity across the enterprise, an organization can be confident that it has the visibility to see and scope attacks.
Instead of using antivirus, implement a “zero trust” prevention model. That way, organizations can allow only trusted software to run on their enterprises. If something unapproved attempts to run, alerts are immediately triggered to help defenders triage a possible attack.
If you don’t know the original vector for infection, you’re simply treating the symptoms of an attack and not the underlying cause. By confidently knowing the root cause of an attack, organizations can close vulnerabilities to future infections.
Traditionally, the industry has focused on Indicators of Compromise (IOCs)—addresses, domain names, URLs, file hashes, and similar metadata around tools or actions that occurred during an attack. This threat intelligence is fragile and very easy for an adversary to change. Eventually, it becomes impossible to keep up.
Patterns of attack (POAs) are more effective than IOCs because they identify the entirety of an adversary’s method. Attackers organize tactics, techniques and procedures to subvert known blind spots in information security solutions and exploit common vulnerabilities in software. POAs help you understand attacks that try to exploit these methods.
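The contrast between IOC matching and pattern-of-attack matching, as an added example that is not part of the original article. The event format, host names, indicator values and the three-step pattern are all constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample telemetry (not real data), in time order:
# (host, action, subject process, detail)
EVENTS = [
    # Campaign 1: its domain and file hash are already published as IOCs.
    ("ws-01", "spawn",   "winword.exe",    "powershell.exe"),
    ("ws-01", "connect", "powershell.exe", "old-c2.example"),
    ("ws-01", "write",   "powershell.exe", "hash:1111"),
    # Campaign 2: same method, but the domain and file hash were rotated.
    ("ws-02", "spawn",   "excel.exe",      "powershell.exe"),
    ("ws-02", "connect", "powershell.exe", "new-c2.example"),
    ("ws-02", "write",   "powershell.exe", "hash:2222"),
    # Benign: interpreter started from the desktop shell, no document parent.
    ("ws-03", "spawn",   "explorer.exe",   "powershell.exe"),
    ("ws-03", "connect", "powershell.exe", "updates.example"),
]
IOCS = {"old-c2.example", "hash:1111"}  # constructed indicator list

OFFICE = {"winword.exe", "excel.exe"}
SCRIPT = {"powershell.exe", "wscript.exe"}

# Hypothetical pattern of attack: ordered behaviours that do not depend on
# any particular hash, domain or address.
PATTERN = [
    lambda a, s, d: a == "spawn" and s in OFFICE and d in SCRIPT,
    lambda a, s, d: a == "connect" and s in SCRIPT,
    lambda a, s, d: a == "write" and s in SCRIPT,
]

def ioc_hits(events, iocs):
    """Hosts where any observed value equals a known indicator."""
    return {host for host, _, _, detail in events if detail in iocs}

def poa_hits(events, pattern):
    """Hosts where every pattern step was observed, in order."""
    progress = defaultdict(int)  # host -> index of the next step to match
    for host, action, subject, detail in events:
        step = progress[host]
        if step < len(pattern) and pattern[step](action, subject, detail):
            progress[host] = step + 1
    return {h for h, step in progress.items() if step == len(pattern)}

if __name__ == "__main__":
    print("IOC match:", sorted(ioc_hits(EVENTS, IOCS)))
    print("POA match:", sorted(poa_hits(EVENTS, PATTERN)))
```

The indicator list flags only the host from the campaign it was built from, while the behavioural pattern flags both compromised hosts and leaves the benign one alone.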
Humans are the lifeblood of any information security program, not systems and data. Unfortunately, most security programs suffer from a shortage of security talent. To win the cyber-war, people must feel empowered against adversaries. That begins with uniting the community via sharing.
Attackers share methods with one another, while the good guys fight in individual silos. Attackers use the same tactics repeatedly, so when a security team successfully defends against those attacks and shares lessons learned, the entire community becomes stronger.
Defenders should not be locked into a single security platform that does not allow for integration with best-of-breed security at every layer of the stack. They should find an easy way to integrate their data and systems for better security.
Winning the cyber-war is not a one-time event. It requires constant vigilance and a collective approach that encompasses prevention, detection, and response. When we unite as a community and continue to empower those charged with winning the cyber-war, we’ll see the scales shift back to the side of the good guys.