Part 1 of the Attack Vectors and Defence in Depth series explored ways to define the sequence in which cyber-attacks may be conducted. This part of the series explores how that attack sequence can be used to gain foresight into defensive strategies.
Security concerns should be addressed in a logical, straightforward, and effective manner. Armed with the attack sequence in Part 1, an analyst may aim to detect and prevent attacks, or mitigate damage in the event of a breach. Each step of the sequence directs what response may be appropriate, beginning with prevention techniques and ending with containment options.
Just as there are several attack methodologies, there are many ways to counteract an attack. For example, the MITRE ATT&CK Framework details the following goals for defenders to achieve when facing a cyber adversary:
1. Redirect - Deterring an adversary or adversarial activity from specified targets.
2. Obviate - Ensuring that the adversary's attempts are ineffective.
3. Impede - Making it more challenging for an adversary to achieve their goal.
4. Detect - Identifying indicators or characteristics of adversarial activity.
5. Limit - Reducing the effectiveness of adversarial activities.
6. Expose - Developing threat intelligence on an adversary to better prepare defences.
The Australian Signals Directorate (ASD) has also developed a list of mitigation strategies to assist organisations in lessening the chances and impact of cyber security incidents. Among these strategies is the implementation of the Essential Eight maturity model, an eight-step mitigation strategy developed as a baseline for enterprise network defence:
1. Application Whitelisting
2. Patch Applications
3. Configure Microsoft Office macro settings
4. User Application Hardening
5. Restrict Administrative Privileges
6. Patch Operating Systems
7. Multi-Factor Authentication
8. Daily Backups
Implementing an information security framework, such as the Australian Government Information Security Manual (ISM), is essential for all organisations. The security principles around which all effective security frameworks are built are a lens through which every organisation must inspect for security risks and appropriate controls. For example, the Australian Government's ISM organises its security principles into four key activities: Govern, Protect, Detect, and Respond.
Such frameworks provide security principles that enable a company to identify security risks within the context of the organisation and implement security controls accordingly. Alcorn Group can assess your processes, policies and systems to give you a clear view of your current security readiness.
Part 3 continues the Attack Vectors & Defence in Depth series by exploring actions which can be taken during each stage of compromise.