Intelligent CISO Issue 30 | Page 65

BUSINESS SURVEILLANCE
been deeply entrenched in since our respective careers began.
The APT groups you should pay close attention to are:
• TeleBots, TA505, Grim Spider, Pinchy Spider, Zombie Spider (Russia)
• Lazarus Group or Labyrinth Cholima (North Korea)
• Temper Panda (China)
• Boss Spider (Iran)
Ultimately, there are many others that we could mention if we look into historical data on ransomware attacks (major credit to ‘ThaiCERT’ for some of the above datasets), but more important in an overall defence strategy is the ‘what’ over the ‘whom’. If we acknowledge the fact that ransomware has been a part of industry for just under 30 years now, then it stands to reason that, as organisations, we should look to the commonalities in the anatomy of a ransomware attack, so that we can better poise our security and business operations teams to mitigate the threat. This is where you must turn to a term known as ‘TTPs’ (Techniques, Tools & Procedures) of any cybercrime group that would look to target your business with a ransomware attack. There is a wealth of resources available that can help your security teams to understand attacker TTPs in great detail, and a plethora of effective security test tools to support continuous testing against your critical assets, to ensure protection against the common TTPs used by cybercriminals these past two decades.
An effective approach can all but eliminate zero-day threats
The most effective approaches today combine automation, data science and context-based risk analysis to identify genuine threats and help security teams mitigate them as quickly as possible. Data streams from all security tools can be centralised through a single ‘security brain’ which monitors information flow over time, enabling benchmarks for normal user and system activity to be established.
When anomalous behaviour is detected, it is automatically analysed and assigned a score based on the level of risk it presents. Only events with a high enough score trigger alerts for follow-up by the security team, allowing them to focus on genuine threat prevention rather than chasing false positives all the time.
The most critical element of monitoring, analysis and detection has to be focused on ‘credentials’; without credentials, malware is very limited in what it can achieve beyond the initial infection point (often a user’s endpoint/device or an unsecured IoT device). By monitoring the use and privileges of your organisation’s credentials, you will be in a far better position to detect malware threats early in their attack life cycle.
When implemented effectively, such an approach can also virtually eliminate zero-day threats. This is because all malware, by its very nature, has to deviate from established user/system benchmarks in order to achieve its goals. As soon as it does so, the system will detect it, giving security teams the chance to prevent an attack before it has had time to trigger inside the network.
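The baseline-then-score approach described above, reduced to working code as an added illustration (this is not code from the article or from any product it alludes to). It learns per-user ‘normal’ from a training window of authentication events, scores each new event for deviation with a credential focus (first use of a host, activity outside the user’s usual hours, an unusual volume of privileged actions in one day, an account with no baseline at all), and raises an alert only when the combined score crosses a threshold. The log format, the weights and the threshold are assumptions chosen for the example; the events are constructed, not real telemetry.

```python
"""Baseline-and-score detection over authentication events (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample events (not real telemetry). Format: ISO timestamp,user,host,action
TRAINING_LOG = """\
2024-03-04T09:02:00,alice,ws-alice,login
2024-03-04T10:15:00,alice,file-srv,privileged
2024-03-05T09:10:00,alice,ws-alice,login
2024-03-05T14:30:00,alice,file-srv,privileged
2024-03-06T08:55:00,alice,ws-alice,login
2024-03-06T11:00:00,alice,ws-alice,login
2024-03-06T16:20:00,alice,file-srv,privileged
2024-03-04T09:30:00,bob,ws-bob,login
2024-03-05T09:25:00,bob,ws-bob,login
2024-03-06T09:40:00,bob,ws-bob,login
"""

NEW_LOG = """\
2024-03-07T02:40:00,alice,db-srv,login
2024-03-07T02:41:00,alice,db-srv,privileged
2024-03-07T02:42:00,alice,db-srv,privileged
2024-03-07T02:43:00,alice,db-srv,privileged
2024-03-07T09:05:00,alice,ws-alice,login
2024-03-07T10:00:00,svc-backup,file-srv,privileged
2024-03-07T15:00:00,alice,file-srv,privileged
"""

# Assumed weights and alert threshold; a real deployment would tune these.
W_NEW_HOST, W_OFF_HOURS, W_PRIV_SPIKE, W_UNKNOWN_USER = 40, 20, 30, 50
ALERT_THRESHOLD = 50


def parse(log):
    """Turn the CSV-style text into event dicts."""
    events = []
    for line in log.strip().splitlines():
        ts, user, host, action = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "host": host, "action": action})
    return events


def build_baseline(log):
    """Learn per-user normal: hosts used, hour-of-day range, privileged actions per day."""
    hosts, days = defaultdict(set), defaultdict(set)
    hours = defaultdict(list)
    priv = defaultdict(lambda: defaultdict(int))
    for ev in parse(log):
        u = ev["user"]
        hosts[u].add(ev["host"])
        days[u].add(ev["ts"].date())
        hours[u].append(ev["ts"].hour)
        if ev["action"] == "privileged":
            priv[u][ev["ts"].date()] += 1
    baseline = {}
    for u in hosts:
        per_day = [priv[u].get(d, 0) for d in days[u]]  # count quiet days as zero
        baseline[u] = {"hosts": hosts[u],
                       "hour_min": min(hours[u]), "hour_max": max(hours[u]),
                       "priv_mean": mean(per_day),
                       "priv_std": max(pstdev(per_day), 1.0)}  # floor avoids divide-by-zero
    return baseline


def score_events(baseline, log):
    """Score each event in time order; privileged-action counts accumulate per user per day."""
    priv_today = defaultdict(int)
    scored = []
    for ev in sorted(parse(log), key=lambda e: e["ts"]):
        u, score, reasons = ev["user"], 0, []
        b = baseline.get(u)
        if b is None:
            score += W_UNKNOWN_USER
            reasons.append("no baseline for user")
        else:
            if ev["host"] not in b["hosts"]:
                score += W_NEW_HOST
                reasons.append(f"first use of host {ev['host']}")
            if not b["hour_min"] <= ev["ts"].hour <= b["hour_max"]:
                score += W_OFF_HOURS
                reasons.append(f"activity at {ev['ts'].hour:02d}:00 is outside usual hours")
            if ev["action"] == "privileged":
                key = (u, ev["ts"].date())
                priv_today[key] += 1
                z = (priv_today[key] - b["priv_mean"]) / b["priv_std"]
                if z >= 2:
                    score += W_PRIV_SPIKE
                    reasons.append(f"privileged actions today {z:.1f} std devs above normal")
        scored.append({"event": ev, "score": score, "reasons": reasons})
    return scored


def detect(baseline, log, threshold=ALERT_THRESHOLD):
    """Return only the events scoring at or above the alert threshold."""
    return [s for s in score_events(baseline, log) if s["score"] >= threshold]


if __name__ == "__main__":
    base = build_baseline(TRAINING_LOG)
    for a in detect(base, NEW_LOG):
        e = a["event"]
        print(f"{e['ts']} {e['user']}@{e['host']} {e['action']}: "
              f"score {a['score']} ({'; '.join(a['reasons'])})")
```

Run as-is, the night-time activity from a host alice has never used scores above the threshold from the first event, the fourth privileged action in one night adds the volume signal, and the account with no history at all is flagged, while the routine morning login and the single afternoon privileged action on a known server stay below the threshold and never reach the analyst. That is the point of the scoring step: the team sees the deviation from the benchmark, not every event.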
First line of defence is users
With enough dedication and effort, any business can implement an extremely effective security technology solution in 12–18 months. However, it is always worth remembering that the first line of defence in any security chain is its users. Nearly every successful cyberattack begins with social engineering or an unaware staff member clicking on a compromised email link. As such, regular training and education will always be the strongest (and most cost-effective) weapon in the cybersecurity arsenal.
The resurgence in ransomware over recent years has left many businesses scrambling to ensure they have effective security solutions in place. However, simply stacking multiple tools on top of each other is not the answer and will quickly lead to security teams drowning in data. Instead, businesses need to take the time to first understand where their sensitive assets actually are, then build a solution around them that centralises data and enables teams to quickly sort genuine threats from false positives. This approach, combined with the help of trained and vigilant employees, stands them in the best stead in an increasingly challenging cyber landscape.