When speaking to various groups about cybersecurity, I am often asked whether their business or public agency can ever be immune to, or 100% defended from, a successful attack. While I stop short of answering “not if, but when”, what usually comes out of my mouth is “prepare for what you know and anticipate the realization that you don’t know as much as you think you do”. Preparing for what you know is still a great methodology to follow and one that cyber professionals have used successfully to stop attackers.
Preparation is the key to success
What you know also includes what is out there in the public domain for you to learn, hone, and practice constantly. Anticipating that there is an attack, tactic, or technique you have no idea exists prepares you for recovery, which is as important as prevention.
The great television drama Vikings and the Norsemen’s attacks on Paris remind me in so many ways of the mindset of top-level organized cyber criminals and how creative they can be. During the television series, the Vikings tried three different times in rapid succession to raid and seize Paris. The first attempt used conventional warfare, but the French were prepared, well equipped, and highly prideful of defending their city. They repelled the Vikings, who incurred great losses. Not to be dissuaded, however, the Vikings mounted an unconventional “nighttime” raid with a smaller, elite group of warriors. They still ultimately failed but caused enough casualties amongst the French (who were also dealing with a plague) that the Emperor of Paris paid the Viking leadership gold and antiquities to quit attacking. The Viking King, apparently for reasons of a change of faith, asked to be baptized and appeared to be mortally injured. He also requested that, once he did pass away, he be given a Christian burial inside Paris walls in honor of his late Christian friend. Seemingly dead, the King was brought in his coffin inside Paris, only to surprise everyone (other than the few of his warriors who were in on the plan) by springing to life and taking the French princess hostage at knifepoint. There was so much surprise and chaos created by the scene that the Vikings used a smaller force to overwhelm the unprepared French Army, raid the city, and seize countless amounts of gold and other valuable items.
Expect the unexpected
Used as a historical analogy to cyberattacks, the above first illustrates the principle that the initial attack by hacking groups, just as the Vikings tried with conventional warfare, is often successfully repelled because it is not original and network defenders anticipate how to respond. The armies of Paris were victorious and, while complacency may not have completely set in, the Viking attack using unconventional nighttime operations caught them by surprise enough to wear down their defenses, much like cybercriminals trying new tactics, successful or not, giving the network defender something else to worry about. The last push by the Vikings, where the King used deception to gain an advantage, was so original that even the shrewdest of war gamers could not have anticipated the move.
Just as cybercriminals prey on the psychological biases and heuristics of victims, so did the Vikings in this attack. The French thought that giving them money to leave them alone was the end, but the Viking King had other ideas. The French also did not anticipate an enemy using the ruse of religious acceptance to deceive, because the notion of such immorality in their minds was unfathomable. Preying on human faults and behaviors is how cybercriminals often ultimately succeed, and as soon as we prepare for what we have seen before, they will try a different approach that is uniquely diabolical. Anticipate that happening, plan your recovery as if it will happen, and exercise that plan. As far as the series goes, the French recovered and created a strategy built on involving people who had been distrustful before, which parallels converting Black Hat hackers to the right side of the law. Was it successful? You will have to watch the rest of the series to find out.