Six mandatory conditions for protection from impending cyber threats
Given that effective, sustained, and scalable cyber attacks require a high level of planning and development, the most likely scenario is one that uses existing methods, such as ransomware attacks and denial-of-service attacks. However, we cannot exclude the possibility of "Sleeper Agent" attacks, in which malicious code is placed in key systems in "peacetime" and activated remotely during a crisis.
About the author:
Alexey Andriyashin, technical Director of Fortinet in Russia
According to Wikipedia: Fortinet is an American multinational Corporation specializing in the development and promotion of software, solutions and services in the field of information security: firewalls, antivirus programs, intrusion prevention systems and endpoint security, and other products. In terms of revenue, the company ranks fourth among all companies specializing in network security.
The question is how to prepare for any of these incidents. Most likely, the targets of such an attack will range from government facilities to large commercial organizations and critical infrastructure. Of course, companies face familiar threats every day, so any actions taken to address them should already be part of any security strategy.
Six steps you can take nowThere are six basic steps an organization must take to prepare for any cyber attack and protect its digital assets:
1. Segment your network. Critical assets should be divided into well-protected domains. In addition, it is important to use goal-based segmentation to ensure that devices, assets, and data that are constantly moving in and out of the network are dynamically allocated to the appropriate segments defined by the internal network policy. The latter ensures that a failure in one domain will not be catastrophic if it spreads to other domains.
2. Establish and maintain backup communication options. Maintaining open communications with distributed elements of your network is essential. Traditional WAN models are very vulnerable to things like DDoS attacks. On the other hand, SD-WAN security features allow organizations to dynamically change data paths based on various factors, including availability.
3. Protect critical data. Given the high level of ransomware attacks, each organization should regularly back up critical data and store it offline. These files should also be checked regularly for the presence of embedded malware. In addition, organizations should conduct periodic exercises to ensure that data backups can be quickly transferred to critical systems and devices so that the network can return to normal as quickly as possible.
4. Integrate and automate. The approach of integrating devices into a single security platform ensures that all parts of the system can share and compare threat data, and seamlessly become an integral part of any coordinated threat response. In addition, the endpoint detection & response (EDR) and security orchestration Automation & Response (SOAR) functions enable rapid detection, management, and automatic response to an attack.
5. Check the means of electronic communication. Email remains the most common attack vector for infecting devices and systems with malware. In addition to providing intensive training to end users on how to detect and respond to phishing attacks, secure email gateways must be able to effectively detect and check suspicious malicious email attachments in a secure environment, such as a sandbox. Similarly, next-generation firewalls (NGFW) should be deployed inside the network perimeter to check internal encrypted communications for malware and hidden command and control implants.
6. Subscribe to channels that contain information about threats: Subscribing to a number of channels containing threat information collected from various sources, along with belonging to regional or industry ISAC, allows you to keep up to date with current attack vectors and new malware. By using this data and embedding it in an integrated security platform, organizations can identify threat indicators – malware signatures that are most likely to affect your network and industry. This way, you can not only block them when they are detected, but also prevent them from entering your network in the first place.
Cybersecurity is a team sport
To effectively defend against a targeted cyber attack, everyone must work together as a team to prevent and detect the threat in time, and respond to it correctly. This includes everything and everything from the country's national defense capabilities to local consortia of businesses and industries, communities of cybersecurity solution providers such as the Cyber Threat Alliance. This must be combined with an effective response strategy that engages critical team members to protect resources, quickly recover from an attack using data backups and isolated resources, and attract the support of government agencies responsible for security.
Алексей Андрияшин (Fortinet)