There is a saying that the best defense is a strong offense. While that may ring true in football and basketball, some experts now suggest that, with cyber attacks more complex and prevalent than ever, companies and agencies need to think beyond stopping an initial attack.
For this Cybersecurity Awareness Month, it is now necessary to consider the variations that could follow: how to anticipate the ways that attacks may evolve, how the attackers could strike differently, or even how they could use a variety of methods to breach networks and systems.
Today, beyond defensive strategies, there are now offensive means. This may not involve seeking out bad actors; instead it involves a robust strategy that is more proactive than reactive, and more dynamic than static.
“This observation is very clear and true – you can always find ways to protect yourself after you understand the risks you have and your weak points, but bad actors will always be faster and will find creative new ways to attack,” explained Eddy Bobritsky, CEO of Minerva Labs.
“If you rely on ways that demand to detect threats and then respond to them, you will eventually find yourself falling under attack, even if it just means that some attacker has been inside your network for a little while,” Bobritsky told ClearanceJobs. “Because attacks will always evolve and change, the only solution is a preemptive approach; that way this will prevent attacks without the need to understand or identify them.”
The Evolution of Defense
Just as today’s cyberattacks are getting more sophisticated, defense needs to also keep pace. The cyberattacks will evolve, mutate and probe to determine what efforts may succeed.
“This, however, is not new; with every new advance, attackers evolve their approach,” warned Dave Cundiff, vice president at cybersecurity firm Cyvatar.
“Cybersecurity and its approach should never be seen as a destination but a continuous journey to continually improve,” added Cundiff. “All organizations should strive for growth and improvement not perfection.”
Thinking that you can reach a final step, rather than taking another step to the next area as a way to review and improve, can actually be counter-productive, Cundiff told ClearanceJobs.
“In this pursuit it is imperative to provide for a continuous security validation approach with continually improved attacks and intelligence brought to bear in order to reflect the state of the current attack surface,” he explained. “The more organizations are able to leverage resources and tools to verify not only their current security posture but next week, or next month, or next year’s posture the more resilient they will be to these modifications and mutations of attacks.”
Anticipating the Attacks
The old saying, prepare for the worst and hope for the best, should always ring true in the world of cybersecurity – because it is often a matter of when, not if, that an attack will occur.
“Anticipating attacks is the ‘Holy Grail’ for cyber security,” said Doug Britton, CEO of cybersecurity firm Haystack Solutions. “This takes a sophisticated and highly experienced understanding of the basic infrastructure of modern computing systems and how code is developed, loaded, and manipulated as well as other immutable behavior of systems and data. Essentially this is the ability to re-engineer systems and understand the behavior of the weakest link (e.g. human operators).”
At issue is the fact that the “attack surface” of any given system can be highly variable. Discerning how the multitude of known attacks can evolve could take an incredible amount of attention and resources.
“We’ve seen LockFile ‘mutate’ and become the foundation for altered attacks from attackers who don’t necessarily want to start from scratch,” Britton told ClearanceJobs, warning, “This is a simple demonstration of how easy it is to change or add features that result in a cat and mouse game of attack and defend.”
Ultimately, a strategy to conceptualize all possible attacks will have limited results and will probably fall short of what is truly desired.
Instead, Britton suggested that it is much more productive to examine the technology stack of a specific organization and employ white hat hackers to break systems on a regular basis throughout the tech stack, including end users.
“This approach, in conjunction with sensitive monitoring of public attacks, can serve as a major weather vane and point defensive activities in the right direction and can bring a certain controlled and customized offensive approach to cybersecurity,” Britton noted.
However, putting this concept into operation can still be tricky to pull off – and for some agencies it may not even be possible.
“Employing external groups that are proficient at breaking your systems may be a bit unnerving and may not even be permissible in some organizations,” said Britton. “Alternatively, developing an internal team of white hats can be a way to control that issue. Either way these white hats need to be highly skilled in very specific cognitive dimensions. It is critical to find talent that excel in these areas and apply them to the development of protective efforts because average is not sufficient in high-stakes efforts. We have the tools to find these skills. Putting a playbook and strategy into action is the critical first step to taking an offensive posture to cyber defense.”
Locking Out the Bad Actors
Cybersecurity threats will still likely continue, and even as workers return to the office, a plethora of threats remain – in part because technology evolves, and with it so do the threats.
It is necessary to plan for the attack, and respond when it occurs. However, a solid offensive strategy still doesn’t mean going on an all-out cyber warfare campaign.
“We often see that companies choose their security solution with wide capabilities of detection, which a lot of times makes them more complex,” said Bobritsky. “At the end of the day, you have to remember that the purpose is to secure your organization from threats. It is not that important to analyze and investigate what or who tried to attack you – as long as you are protected. The only effective way is to prevent attacks, not chase them.”