Defending against advanced cyberthreats is the same, in many ways, as defending buildings. Here’s why.
There’s not much difference between an advanced cyberattack and a thief breaking into your company’s premises.
A corporate building has a fence, entrances, corridors, offices and server rooms. IT infrastructure is similar, only here we have a network, workstations, servers, virtual machines and so on. If someone wants to steal from, spy on or disrupt a business, they must sneak into its territory or its network. Judging by the massive security breaches that have dominated the headlines in the past year, attackers favor the latter these days.
While large businesses usually see protection from physical threats such as trespass, industrial espionage or armed assault as essential, the need for defense against advanced cyberthreats is not always so obvious.
Fighting targeted cyberattacks has a lot in common with physical protection. Let’s consider the three fundamental principles for dealing with a physical breach, and see how these can improve a company’s cyber defenses.
1. Realize you’re under attack
Before dealing with any attack, you need to know you’re under attack. That means noticing suspicious activity and linking it to a plot.
Let’s say you’re at the office late in the evening, and the alarm system goes off on the second floor. A security officer goes to find out what’s wrong. At the same time, a pizza delivery person arrives and hands a pizza over to someone from accounting, gets their money and leaves.
That’s all perfectly normal, but if you look closer, you may notice a string of coincidences. The alarm went off at about the same time a few days ago, accountants (unlike IT staff) don’t typically order pizza, and this one usually complains about gluten intolerance. Putting these clues together, a perceptive security officer might ask some questions.
The same principle applies to detecting cyberattacks. Taken separately, activities inside the network might not, on the face of it, show that an organization is under attack. But look at the bigger picture, and it might suddenly seem critical to investigate. Threat management and defense solutions do just that: they automatically detect and flag the malicious patterns behind separate, simpler, seemingly unrelated activities in the network.
2. Start investigating
Coming back to our mystery pizza scenario, to begin investigations, the security officer could go to the camera room and look through the recordings. She would know there are smart cameras all around, letting her see any corner of the office at any time, and the records can’t be erased.
On the footage, the security officer sees the pizza delivery person jumped out of a black minivan… not the usual vehicle for pizza delivery, right? The gluten-intolerant accountant didn’t order a pizza; he ordered spy equipment that he’s planning to plant under the CEO’s desk.
Like smart cameras, anti-targeted-attack software reviews network traffic for security purposes. Endpoint Detection and Response (EDR) software watches for cyberthreats too. It sees what’s going on at end-user devices (desktops, laptops, mobile devices) and keeps the retrospective data needed for an investigation, even when devices are compromised, or when cybercriminals have destroyed or encrypted data to cover their tracks.
3. Know where to look
Whether investigating physical or cyber breaches, expertise and intelligence are the most valuable assets.
To spot the right things at the right time, you need to know where to look. That’s why it’s so crucial that security teams in large corporations get the right training and experience.
There’s also information. Access to police reports and databases is helpful in physical corporate security. In the scenario I’ve described, the security guard could run the minivan’s license plate number through the police system to see whether the vehicle has been stolen or used in similar operations.
And once again, the same applies to investigating cybersecurity incidents. You can use threat intelligence data tailored to your industry or location, and you can get specialized training for your IT security team; you can even outsource cyberthreat protection to an experienced third party.
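The two ideas above, stitching seemingly unrelated weak signals into one picture (section 1) and enriching what you see with threat intelligence relevant to your sector (section 3), can be shown in a few dozen lines. The following is an added example written for this page; it is not code from the original post or from any vendor product. Every event, host name, user, IP address, the threat-intel feed and the organization’s sector are constructed for illustration, and the signal weights and thresholds are assumptions a real team would tune to its own telemetry.

```python
"""Toy correlation of weak endpoint/network signals, with threat-intel enrichment.

Added illustration, not from the original post. All telemetry, hosts, users,
IP addresses and the intel feed are constructed; weights/thresholds are assumed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed threat-intelligence feed: indicator -> sectors it has been seen targeting.
THREAT_INTEL = {
    "203.0.113.45": {"finance", "retail"},
    "198.51.100.9": {"energy"},
}
ORG_SECTOR = "finance"  # assumption: the defending organization's own sector

# Weight of each weak signal on its own. None of these is alarming in isolation,
# just as a late-night alarm or a pizza delivery is not alarming in isolation.
SIGNAL_WEIGHTS = {
    "offhours_logon": 2,
    "removable_media": 2,
    "unsigned_process_tempdir": 3,
    "outbound_to_rare_host": 2,
}
WINDOW = timedelta(minutes=30)   # how close together signals must be to count as one story
ALERT_THRESHOLD = 8              # combined score that warrants an analyst's attention
MIN_DISTINCT_SIGNALS = 3         # require several *different* clues, not one clue repeated

# Constructed telemetry: (timestamp, host, signal, detail). The first entry is the
# "alarm went off a few days ago" clue: real, but too far away in time to correlate.
EVENTS = [
    ("2024-03-01T22:03:00", "acct-ws-07", "offhours_logon", "user=jdoe"),
    ("2024-03-04T22:05:10", "acct-ws-07", "offhours_logon", "user=jdoe"),
    ("2024-03-04T22:07:41", "acct-ws-07", "removable_media", "vendor=generic"),
    ("2024-03-04T22:09:02", "acct-ws-07", "unsigned_process_tempdir", "path=C:\\Users\\jdoe\\AppData\\Local\\Temp\\upd.exe"),
    ("2024-03-04T22:11:30", "acct-ws-07", "outbound_to_rare_host", "dst=203.0.113.45"),
    ("2024-03-04T22:40:00", "it-ws-02", "offhours_logon", "user=admin"),        # IT staff working late
    ("2024-03-05T09:15:00", "hr-ws-03", "outbound_to_rare_host", "dst=198.51.100.9"),
]


def intel_lookup(detail):
    """Return (indicator, extra_weight) if the event's destination is in the feed.

    Indicators tied to our own sector count fully; indicators only seen against
    other sectors still count, but less. Unknown destinations add nothing.
    """
    for part in detail.split():
        if part.startswith("dst="):
            dst = part[len("dst="):]
            sectors = THREAT_INTEL.get(dst)
            if sectors is None:
                return (None, 0)
            return (dst, 5 if ORG_SECTOR in sectors else 2)
    return (None, 0)


def intel_weight(detail):
    """Convenience wrapper: just the extra weight contributed by threat intel."""
    return intel_lookup(detail)[1]


def correlate(events):
    """Correlate per host: for each event, score the distinct signals seen in the
    WINDOW ending at that event plus any threat-intel hits, and raise one alert
    per host once enough independent clues coincide."""
    by_host = defaultdict(list)
    for ts, host, signal, detail in sorted(events):
        by_host[host].append((datetime.fromisoformat(ts), signal, detail))

    alerts = []
    for host, evs in by_host.items():
        for i, (t_end, _, _) in enumerate(evs):
            window = [e for e in evs[: i + 1] if t_end - e[0] <= WINDOW]
            signals = {s for _, s, _ in window}
            score = sum(SIGNAL_WEIGHTS.get(s, 1) for s in signals)
            hits = {}
            for _, _, d in window:
                ind, w = intel_lookup(d)
                if ind is not None:
                    hits[ind] = w          # de-duplicate repeated connections to one indicator
            score += sum(hits.values())
            if len(signals) >= MIN_DISTINCT_SIGNALS and score >= ALERT_THRESHOLD:
                alerts.append({
                    "host": host,
                    "window_end": t_end.isoformat(),
                    "signals": sorted(signals),
                    "intel_hits": sorted(hits),
                    "score": score,
                })
                break  # one alert per host; an analyst takes the investigation from here
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Run as written, the only host that crosses the threshold is the accountant’s workstation, and only when the fourth clue (the outbound connection to an indicator reported against the finance sector) lands inside the 30-minute window; the off-hours logon from three days earlier is kept on record but does not inflate the score, and the IT workstation with a single late logon never alerts. The HR workstation’s connection to an indicator seen only against the energy sector is scored, but on its own it stays below the bar, which is the point of tailoring intelligence to your industry rather than treating every indicator in a feed as equally urgent.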
Build your cyber fortress
We’ve seen that, in many respects, the basics of protecting your premises carry over to building your cyber fortress.
With these solutions and services combined, your teams will get ahead of the cybersecurity agenda. You will always have the answer to even the most advanced attacks.