Actionable Security Against Advanced Threats

Author: Roberto Martínez, Practice Lead, Cybersecurity Services North America

Read time: 4 minutes

With the rapid evolution of technology, organizations face an ever-increasing number of sophisticated cyber threats. Modern ransomware campaigns, generative AI, supply chain attacks, APTs targeting mobile, wearable, and smart devices, abuse of legitimate tools (Living off the Land, LotL), and identity-based and social engineering attacks are just a few examples of how the threat landscape continues to grow in complexity, sophistication, and frequency.

As advanced attacks emerge, organizations must adopt actionable security measures to protect their environments end to end and stay ahead of adversaries. The impact of cyberattacks is increasing, and despite significant investments in monitoring and protection, many of these attacks are successful. So, what's going wrong?

A key factor is the lack of knowledge about the adversaries: their capabilities and their ways of operating. In addition, an overly general approach to the organization's threat and risk landscape limits the efficient management of resources and efforts.

On the other hand, we frequently underestimate the ability of attackers to evade security controls and operate "under the radar" before being detected. Protection tools that use state-of-the-art technologies and integrate machine learning and artificial intelligence do not guarantee that we will win the battle.

It is no longer enough to apply security controls based on a framework, comply with a regulation, or perform periodic vulnerability scans and penetration tests. We need to change the paradigm: understand the threats and risks to the organization, identify attack surfaces in a more granular and specific way, implement concrete measures to reduce them, expand the ability to detect an attack at an early stage, and respond to a security incident in an agile way.

Organizations should approach security not only from an attack-defense perspective but also by understanding that behind a cyberattack there is a motivation, a cost-benefit calculation for the adversaries. To the extent that we understand what might motivate an adversary to invest time and resources in attacking us, we will have a better idea of the measures we need to implement to make any attack attempt costly for them.

Cybercrime is an industry that moves millions of dollars annually, and the groups behind it handle large amounts of resources and money. It is an asymmetric battle that requires a strategic and proactive defense. The question is whether we are prepared to confront those adversaries with our current resources.

To improve their security posture and resilience, organizations should adopt proactive defense principles rather than merely reacting, starting with:

  • Understanding the organization's current security posture and aligning it with business objectives.
  • Identifying the level of maturity in the different security areas.
  • Carrying out an initial diagnosis of what you currently have in your organization, knowing what is working and which areas require improvement and development.
  • Validating whether the controls and security measures implemented in the organization would work in the face of a potential cyberattack.
  • Knowing the threat landscape for your industry or company, not only from a technical approach but also considering the context of the environment, such as geopolitical and socio-economic aspects.
  • Understanding and knowing which adversary groups and attack techniques could be considered a risk to the organization.

This knowledge must be accompanied by concrete actions to protect your assets and reputation from emerging cyber threats, such as:

  • Identify the technologies and resources that need improvement, and strengthen those areas.
  • Implement real-time monitoring with contextual intelligence to ensure greater visibility across the organization, prioritize responses effectively, and identify known Indicators of Compromise (IoCs).
  • Integrate threat-hunting activities to detect Indicators of Attack (IoAs) and contain malicious activity in its early stages.
  • Perform granular Red Teaming exercises focused on specific malicious behaviors to uncover blind spots.
  • Conduct Purple Team engagements based on adversary simulations from a threat actor's perspective, facilitating collaboration and knowledge transfer between offensive and defensive teams.
  • Create a well-designed Incident Response program; responding quickly and effectively to incidents and breaches reduces recovery costs and improves the organization's security posture.
  • Educate users and staff on how to avoid modern threats, beyond the regular phishing, malware, and social engineering training.
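To make the monitoring and threat-hunting items above concrete, the following is an added example (written for this edit; it is not code from the article or its author) of a minimal triage pass over endpoint telemetry. It matches known IoCs (a hash, an IP, a domain) exactly, matches an IoA on behavior rather than on a value (an office application spawning a command or script host), and then uses the combination of both as context to prioritize hosts. Every IoC value, hostname and log line is constructed sample data: the hash is a placeholder, the IP is from the documentation range 203.0.113.0/24, and the domain uses the reserved `.example` TLD.

```python
"""
Added example: IoC matching, behavioral IoA matching and host prioritization
over constructed JSON telemetry. Not part of the original article.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

# Constructed IoC feed. These are placeholder values, not real intelligence.
IOC_FEED = {
    "sha256": {"0" * 64},              # placeholder hash
    "ip": {"203.0.113.45"},            # TEST-NET-3 documentation range
    "domain": {"malicious.example"},   # reserved example TLD
}

# Behavioral rule (IoA): a document handler spawning a shell or script host.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"}


@dataclass
class Finding:
    host: str
    kind: str       # "ioc" (known-bad value) or "ioa" (suspicious behavior)
    detail: str
    severity: str


def match_iocs(event: dict) -> list[Finding]:
    """Exact-match the event's observables against the IoC feed."""
    checks = [
        ("sha256", event.get("sha256")),
        ("ip", event.get("dest_ip")),
        ("domain", event.get("dest_domain")),
    ]
    return [
        Finding(event["host"], "ioc", f"{kind}={value}", "high")
        for kind, value in checks
        if value and value in IOC_FEED[kind]
    ]


def match_ioas(event: dict) -> list[Finding]:
    """Flag the parent/child process relationship, independent of any hash."""
    parent = (event.get("parent_image") or "").lower()
    child = (event.get("image") or "").lower()
    if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
        return [Finding(event["host"], "ioa", f"{parent} spawned {child}", "medium")]
    return []


def triage(log_lines: list[str]) -> list[Finding]:
    """Parse each telemetry line and collect IoC and IoA findings."""
    findings: list[Finding] = []
    for line in log_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed telemetry is skipped, never trusted
        findings.extend(match_iocs(event))
        findings.extend(match_ioas(event))
    return findings


def prioritize(findings: list[Finding]) -> dict[str, str]:
    """Contextual escalation: a host with both an IoC and an IoA outranks either alone."""
    kinds_by_host: dict[str, set[str]] = {}
    for f in findings:
        kinds_by_host.setdefault(f.host, set()).add(f.kind)
    return {
        host: "critical" if kinds == {"ioc", "ioa"} else ("high" if "ioc" in kinds else "medium")
        for host, kinds in kinds_by_host.items()
    }


# Constructed sample telemetry (one JSON event per line).
SAMPLE_LOG = [
    '{"host": "ws-01", "image": "chrome.exe", "parent_image": "explorer.exe", "dest_domain": "example.com"}',
    '{"host": "ws-02", "image": "winword.exe", "parent_image": "explorer.exe", "sha256": "' + "ab" * 32 + '"}',
    '{"host": "ws-02", "image": "powershell.exe", "parent_image": "winword.exe", "dest_ip": "203.0.113.45"}',
    '{"host": "srv-03", "image": "svchost.exe", "parent_image": "services.exe", "dest_domain": "malicious.example"}',
    "not json at all",
]

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.host}: [{f.kind}/{f.severity}] {f.detail}")
    print(prioritize(results))
```

Run as written, the benign browser event and the unknown-hash document event produce nothing, the PowerShell-from-Word event yields both an IoC hit and an IoA hit on ws-02, the server's outbound lookup yields an IoC hit alone, and the malformed line is dropped. ws-02 is therefore escalated to critical while srv-03 stays high, which is the kind of contextual prioritization the monitoring item describes.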

Performing actions in the right direction requires a constant and permanent effort; each technological advance will bring new risks to your organization, and threat actors will always find a way to achieve their goals. Think of it as a game of chess, a football match, or any strategy sport you like, where you take the time to understand your opponent's intentions, not only to work on your defensive strategy but also to anticipate their moves in order to contain and defeat them.

The threat landscape will continue to evolve, but with the right strategies, you can stay one step ahead of adversaries.

Oluwawemimo Jinadu

Sales Operations Manager/Sales Administrative Manager/Customer Service Specialist/SAP SD Module Expert user at Crown Flour Mill Ltd. (An Olam company)

6 months

This is true. With the recent ransom cyberattacks happening, everyone needs to stay on guard.

Gregory Baker

Lazlo 326, Inc.

6 months

Very happy with our Bulletproof team.

ISRAEL SOLANO MEJIA

Engineering at Universidad Tecmilenio

6 months

Very important. Excellent work and a useful contribution to the community that likes to work on the positive aspects of life. Master of Masters.
