Cyberattackers roam freely in this environment. They may be either indiscriminate or highly targeted, attacking large and small organizations in both the public and private sectors. They are well camouflaged: exposing the attackers requires cybersecurity defenses that identify the threat, even when it adopts the colors of its immediate environment.
Against this backdrop, organizations must consider their resilience in the context of different categories of threat:
- Common attacks: These are attacks that can be carried out by unsophisticated attackers, exploiting known vulnerabilities using freely available hacking tools, with little expertise required to be successful.
- Advanced attacks: Advanced attacks are typically carried out by sophisticated attackers, exploiting complex and sometimes unknown (zero-day) vulnerabilities using sophisticated tools and methodologies.
- Emerging attacks: These attacks focus on new attack vectors and vulnerabilities enabled by emerging technologies, typically carried out by more sophisticated attackers performing their own research to identify and exploit vulnerabilities.
Building defenses that are fit for purpose
Organizations are likely to be confronted by a wave of attackers of varying levels of sophistication, and they can and must fight back. The response must be multilayered, with a focus on repelling the most common attacks while also introducing a more nuanced approach for dealing with advanced and emerging types of attacks. As some of these attacks will inevitably breach the organization’s defenses, the focus needs to be on how quickly they are detected, and how effectively they are dealt with.
- Defending against common attack methods means closing the door to the most common types of attack. At this threat level, point solutions remain a key element of cybersecurity resilience, with tools including antivirus software, intrusion detection and prevention systems (IDS and IPS), consistent patch management and encryption technologies that protect data even if an attacker does gain access to it. Employee awareness is also a crucial frontline defense, building cybersecurity consciousness and password discipline throughout the organization.
- Defending against advanced attacks means accepting that attackers will get in and being able to identify intrusions as quickly as possible. A Security Operations Center (SOC) that sits at the heart of the organization’s cyber threat detection capability is an excellent starting point, providing a centralized, structured and coordinating hub for all cybersecurity activities. SOCs are increasingly moving beyond passive cybersecurity practices into active defense — a deliberately planned and continuously executed campaign that aims to identify and remove hidden attackers and defeat likely threat scenarios targeting the organization’s most critical assets.
- Defending against emerging attacks means recognizing that the nature of some threats will be unknown. Innovative organizations that are imaginative about the nature of potential future threats can build agility into their cybersecurity approach so that they are able to move fast when the time comes. Organizations with good governance processes underlying their operational approach are able to practice security-by-design — building systems and processes able to respond to unexpected risks and emerging dangers.