Security Strategy Starts with the Basics

Cyber attacks are very much in the public consciousness at the moment, from FireEye to the US government and even the unfortunate Artem Dzyuba with his phone.

These were all (probably) nation-state-level attacks using 0-day exploits, and so have garnered a great deal of press coverage. We don’t expect these targets to get popped.

When even the biggest and the best can be compromised, what chance is there for the rest of us?

The reality is most businesses are not targeted by Nation State level adversaries. 

Yet successful attacks still regularly take place. Why is this? 

Attackers grind through the process of reconnaissance, enumeration and probing until they get lucky. When you’re the defender you have to be right all the time. As an attacker you only have to be lucky once. Find that one chink in the armour and you’ve breached the perimeter. 

A client recently had a breach because their yearly WAF contract expired while their chief admin was on holiday for a week. That meant their WAF was not in place for 5 days and, as it turned out, their website code was vulnerable. The only thing preventing a successful attack all year round was their WAF. As soon as that was down, an attacker was able to get in and compromise their site.

What’s the solution?

Put simply, a Defence in Depth approach to security is essential!

By not relying on just one layer of protection, it is possible to raise the bar and frustrate attackers to the point that they move on and look for an easier target.

Nation State level attackers have a specific objective and only one place they can achieve it. Therefore, they have to be dedicated and motivated to go to whatever lengths are needed to achieve it. As we’ve seen, any target can be hacked if you have the motivation and resources. 

For most attackers it’s a numbers game. They’re looking for quick wins so they can grab the gold and move on to the next target. 

By EFFECTIVELY covering the basics, most companies can make themselves sufficiently difficult to compromise that the attackers move on to easier pickings elsewhere.

So what to do?

  • Take an attacker's view when considering your security strategy
  • Embrace defence in depth
  • Apply the principles of least trust throughout your organisation 

I hope this is helpful, 

Ben

Bijal Patel

4 years ago

Love it!!
