Saturday, April 13, 2024

Corporate Business Survival: 4D | Deter. Detect. Defend. Document.

Critical Infrastructures are those systems and assets - whether Physical or Virtual – that are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination of those matters.

As ransomware attacks continue to grow, organizations need to improve their security posture to protect against an attack.  Better security requires implementing appropriate security controls and ensuring that effective crisis management and employee education are in place.

The landscape of how we work has changed since the onset of the global pandemic.  We must assess vulnerabilities in a new way and with increased due diligence.

Our Corporate Critical Assets are "Under Attack".

4D = Deter. Detect. Defend. Document.

"Attackers use Tools to exploit Vulnerabilities. They create an Action on a target that produces an Unauthorized result."

Attackers do this, to obtain their Objective.

LESSON 1- DETER.

  • What corporate critical assets are most valuable in the eyes of your adversary?
  • Increase deterrence with these assets first.
  • MFA / Layered Access.  [SMS vs. Authy or Authenticator]]
  • Segmented Networks.
  • Data / Network Encryption.
  • People motivated by Financial Gain, Damage/Disruption or the Challenge.

LESSON 2 – DETECT.

  • Detect the use of tools by the Attackers.
  • Some tools are High Tech, others are "Social Engineered".
  • They will discover vulnerabilities in:

Design.

Implementation.

Configuration.

You must continuously detect the use of attackers methods and tools to exploit your vulnerabilities.

LESSON 3 – DEFEND.

  • Defend the target assets from actions by the attackers.
  • Targets may include people, facilities, accounts, processes, data, devices, networks.
  • Actions against the target are intended to produce the unauthorized result include:

Probe.

Spoof.

Steal.

Delete / Encrypt.

LESSON 4 – DOCUMENT.

  • Document the "Normal" so you know when and where there is an Unauthorized result:

Increased Access.

Disclosure or Corruption of Information.

Denial of Service or Theft of Resources.

  • Continuous Documenting and using a "Collection Management Framework"  (Logs) and how to access it for effective Incident Response.

1_ In order to understand how to defend your corporate critical assets, use Red Teams, Bug Bounties or internal testing resources.

2_ Maintain offline, encrypted backups of data and regularly test your backups.

3_ Review Third Party or Managed Service Provider (MSP) policies for maintaining and securing your organizations backups.

4_ Understand that adversaries may exploit the trusted relationships your organization has with third parties and MSPs.

The cost of a cyberattack is often significant for organizations large and small, and we must strengthen responsiveness and reduce behaviors that may open vulnerabilities in the future.

Public Private Partnerships of Critical Infrastructure organizations with CISA.gov and FBI.gov are vital to enhance our National Security...