In our previous article we discussed the development of cybersecurity threats and various approaches to protection. We also learned about LACS, an agile set of techniques that is disrupting the way companies handle cybersecurity.
THINK LIKE A HACKER
The war on our cyber battlefield is a war where assets and sometimes lives are lost. It is of the utmost importance to constantly innovate the methods used to fight this war. You must always be one step ahead, knowing and thinking like your enemy.
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
-Sun Tzu, The Art of War
WHY, WHERE, HOW?
Many specialists ask how they can create an ideal cybersecurity defense.
STRATEGY 1: YOU CAN’T FIX THE WEAKEST LINK
What is the weakest link in an application’s security?
2. Insecure Cryptographic Storage?
3. The small thermal exhaust port which leads directly to the reactor system?
4. Humans (otherwise known as users and employees)
If you answered 1 or 2, then you are a nerd!
If you answered 3, then you have watched too many Star Wars films!
If you answered 4, then you are correct!
THE BEST DEFENSE IS A GOOD OFFENSE
Governments, intelligence agencies, law enforcement, and private companies are evaluating the possibility of adopting offensive approaches to defend their assets from cyber attacks.
While in private industry the concept of an offensive approach to cybersecurity is relatively new, the idea has been extensively evaluated in government and military environments. In these settings, offensive cybersecurity has long been debated. Countries have gone to great lengths to develop systems that can respond if an attack is detected.
In future articles, we will go over several systems and tactics. You can find a brief overview of these below.
Planning – Counter defense, battle planning, attack options, risk assessment
Reconnaissance – Advantage reconnaissance, espionage, situational awareness
Defense – Monitor, detect, restore, respond
Offense – Destroy, disrupt, degrade, exploit
Deterrence – Deterrence focuses on making potential adversaries think twice about attacking, forcing them to consider the costs of doing so, as well as additional consequences that might come from a counterattack.
There are two main principles of deterrence.
1. Convince would-be attackers they won’t succeed, at least without enormous effort and cost beyond what they are willing to invest.
2. Make sure adversaries know there will be a strong response that might inflict more harm than they are willing to bear.
Detection – It usually takes organizations up to 6 months to detect a breach and years to assess the financial or reputational damage. Sometimes it can have a viral effect and result in having to replace the entire infrastructure.
Honeypots – Rather than spending a ton of effort on securing your infrastructure, you have to think like a hacker. You need to understand where you would target first and where the weak points are. Understand the access points of your organization that have the lowest priority or are not connected to vital information. Expose them as backdoors, put in honeypots, and start detecting your enemy’s activity.
“Appear weak when you are strong, and strong when you are weak.”
-Sun Tzu, The Art of War
Even when you are constantly being attacked, you can benefit by enabling controlled attack strategies and activating mitigation techniques.
Control – You have to constantly enable monitoring and alerting of the system. Do not panic during an attack: by hastily closing down access points you can make yourself vulnerable and allow the hacker to see your response activities.
Navigate – You have to be prepared to have target access points in your infrastructure where you would like to reroute the attack. You want to make the hacker think that they are on the right path.
Expose – Hackers will be satisfied if they get to the target. Make them think they got there. Expose some useless piece of data or low-priority public information. The hackers will never think you guided them during the whole process.
“In the midst of chaos, there is also an opportunity.”
-Sun Tzu, The Art of War
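The Navigate and Expose steps above rest on one piece of plumbing: decoy access points that no legitimate user needs, so any request to them is attacker activity worth alerting on. The following is an added example, not code from the original article; it assumes nginx/Apache combined-format access logs and a hand-picked set of decoy paths (both constructed here), parses the log, flags clients that touched a decoy, and returns the worthless placeholder content the decoy serves.

```python
import re
from collections import defaultdict

# Decoy paths the organisation exposes on purpose (assumed names, not real endpoints).
DECOY_PATHS = {"/.env", "/backup/db.zip", "/admin-old/login"}

# Combined-log-format fields we need: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log: one client browses normally, one probes the decoys.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /.env HTTP/1.1" 200 88
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /backup/db.zip HTTP/1.1" 200 1024
198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "GET /products HTTP/1.1" 200 2048
malformed line that the parser must skip
"""

def parse_line(line):
    """Return the parsed fields of one access-log line, or None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def decoy_hits(log_text):
    """Map each client IP to the ordered list of decoy paths it requested."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["path"] in DECOY_PATHS:
            hits[rec["ip"]].append(rec["path"])
    return dict(hits)

def flagged_clients(log_text, min_hits=1):
    """Clients with at least min_hits decoy requests; legitimate users have none."""
    return sorted(ip for ip, paths in decoy_hits(log_text).items() if len(paths) >= min_hits)

def decoy_response(path):
    """Content served at a decoy path: plausible-looking but worthless (constructed)."""
    if path not in DECOY_PATHS:
        return None
    return f"# decoy artefact for {path}: public, low-priority placeholder data\n"

if __name__ == "__main__":
    for ip in flagged_clients(SAMPLE_LOG):
        print(f"ALERT decoy activity from {ip}: {decoy_hits(SAMPLE_LOG)[ip]}")
```

In production the alert would feed the monitoring described under Control, and the decoy content would be what the attacker is allowed to "find" under Expose.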
A simulation of a hacker attack (white-hat hacking) is a technique used by security specialists to identify and analyze vulnerabilities in a system. The most effective approach is to cover the whole attack surface, which consists of the 3 P’s.
Perimeter – The perimeter is the infrastructure you run. For this, you perform the most obvious attacks described in OWASP and ISO standards and discover prioritized and non-prioritized access points.
People – Perform social engineering tests on the people that work in the same structure, understand the maturity of the staff, and the possible impact of an attack.
Partner – It is not enough to protect and educate your own staff; partners and vendors need the same attention. A zombie computer that has access to the network is a convenient route to your sensitive information. Perform tests to identify how vulnerable your partners and their infrastructure are.
The lean approach involves using all of the techniques mentioned above, but it skips the planning phase and implements security improvements in small batches, based on real data from attacks.
Build – Create a prototype and perform tests. This prototype can be a small piece of an application. There is no need for extensive security, and this will allow you to have real data on attacks.
You can publish this application and put some marketing behind it. Once hackers know about you, they will attack you, but you are using them for data.
Measure – Understand the access points that attackers went for, and the system vulnerabilities they reveal.
Learn – Improve your system based on real attack data and field testing. Use this data to constantly improve.
TO BE CONTINUED
In future articles, we will go into detail about the techniques mentioned above and give real-life examples. We will also show you the effect of using LACS.
We are interested in building a community to create a system of techniques and best practices. We encourage you to get connected and collaborate on this.
Next steps will be to document these processes, and test them as a community.