With a threat landscape that is constantly evolving, cybersecurity can’t be something you set up and ignore. To keep your organization safe, and to stay compliant with required industry regulations and standards, you need to approach cybersecurity with a tactical mindset, one that positions it as a planned and proactive — not reactive — component of your business strategy.
The Threat Landscape Today
Think of it this way: Your entire network infrastructure is a battlefield and your job is to protect it from threats, both internal and external. To do this most effectively, you need to always be thinking one step ahead to prepare for what could happen next, in conjunction with keeping up with the current threat landscape.
Why? Because threat actors will keep doing what works well, shifting their tactics to make it look like a new attack. For example:
- Phishing — A few years ago, spearphishing and whaling attacks were popular. Though they haven’t gone away, the approach has shifted in regards to both the target and the delivery channel. Today, threat actors target disgruntled employees with the intention of stealing credentials to gain access to insider information. And sometimes, threat actors leverage social media to launch phishing attacks, as well.
- Familiar Attack Vectors with New Targets —Like they do with phishing attacks, threat actors know where organizations are most vulnerable. Though they continue to use the same attack vectors, they are changing targets, like SMBs instead of enterprises, or lower-level employees instead of leadership.
- Ransomware —Ransomware increased by 151% in the first six months of 2021 compared to the same timeframe in 2020. Ransomware has grown in popularity partly because threat actors are taking advantage of remote workers and hybrid infrastructure models. Threat actors are also making it easier for others to run attacks as a result of increased use of the cloud. In fact, there has been an increasing amount of material online that makes running ransomware attacks easier.
- Third Parties — Today’s interconnected world has allowed for greater partnerships across organizations. But this also means that one company’s cybersecurity incident can also become yours. Though an organization’s partners and vendors may have their cybersecurity systems and protocols in place (something that should be vetted before signing a contract), the organization itself also needs to keep current with their own cybersecurity efforts. This extends to compliance with government and industry regulations. Each third party related to your organization enlarges your threat landscape and increases your risk of a compliance violation.
Protecting Your Organization With a Tactical Mindset
To avoid these attacks, pay close attention to what’s happening on your network. Areas you think are secured might, in fact, be your biggest vulnerability. The last thing you want to do is be tricked by a threat actor. Remember, cybersecurity should be proactive, with emphasis on active.
So how can you approach cybersecurity in a more strategic way?
Develop and Implement a Framework
Consider leveraging an acceptable framework, like NIST, to establish strong cybersecurity controls to help manage and reduce cybersecurity risk. MITRE’s D3FEND framework also helps organizations understand how others were hacked to provide insight to recognize threat patterns before you become victim to a cybersecurity incident. This insight can also provide organizations with a better understanding of their own cybersecurity posture.
Hire Ethical Hackers and Pen Testers
The best way to know where your organization’s vulnerabilities are is to hack your own network. You’ll want to hire someone that understands a variety of frameworks and architectures, an ethical hacker that can discover vulnerabilities before malicious actors get the chance. As you consider who could be a fit for this role, don’t limit yourself to looking at experience alone. After all, the purpose of testing the network is to harden your security posture; this can only be done effectively when someone is thinking one step ahead to test how well prepared you really are to prevent a cybersecurity incident. Hire someone who embodies a tactical mindset.
Check the Logs
Another component of the tactical mindset for cybersecurity is to check the logs. Though checking logs may be boring to some, it is one of the most important tasks in an effective cybersecurity strategy. If you don’t know what your logs should look like, you won’t be able to identify anomalies.
To that point, if you find there are a lot of errors in your logs, it could signal a clandestine attack or some other nefarious activity happening. Small events, anomalies, or user-experienced issues can be the first sign of something bad brewing. Typically, “breadcrumbs” are left during an attack but hidden in plain sight so always pay attention to the logs as they can provide clues to invisible or unexpected security events. Even if you have tools that alerts positive hits, you still need to check the logs regularly.
Adopt a Zero Trust Approach
Implementing a zero trust architecture is considered, by many, to be the best way to lessen the threat surface for your organization. Zero trust is a collection of concepts and ideas that are designed with the principle of least privilege for information systems. Basically, it’s about restricting access to resources to only the people who need them. Every time a user wants to access specific data or a specific resource, the user will need to authenticate and prove who they are.
The restriction around privileges is done intentionally. After all, a zero-trust architecture uses zero trust principles to manage workflow, designed to assume that an internal network is already infected with various threats.
Though this can present a unique mental hurdle for many organizations — especially since most people assume an internal network is protected — zero trust, combined with a strong framework, provides an organization with a more strategic approach to cybersecurity.
Tighten Up Your Cybersecurity
A tactical mindset requires an organization to always be alert. It’s about knowing your infrastructure, the devices connected to the network, how they communicate, the characteristics of your data, and who has data access.
Building a culture of proactive cybersecurity, complete with set policies, best practices, and user security awareness training, positions your organization to be better prepared for when a cybersecurity incident occurs.
If you have any questions or if you would like to learn more about undergoing a cybersecurity or compliance assessment, please reach out to one of A-LIGN’s experienced assessors today.