Top 5 Cyber defence strategies to reduce risk

The complexities of software and systems provide a rich target for today’s cyber adversaries to test and exploit:

· Bugs in underlying software architecture.

· Challenges in incorporating third-party services and programmes.

· Deployment models and modifications unforeseen at design stages.

So, how can vendors, integrators, operators and consumers of these software systems maintain vigilance against this increasingly sophisticated backdrop?

1. Threat landscapes constantly evolve. Technology can help

As adversaries use new methodologies and technologies, it stands to reason that the most vulnerable components of platforms, software and human-based processes will increasingly be open to compromise.

The answer to this is usually more, not less, technology. Technology is a vital component to help defend complex systems. Firewalls, email filters, URL-rating engines, topology hiding techniques and two-factor identification/authentication are very effective mechanisms to help reduce whole classes of attack vectors.

Software systems need to be continually upgraded and patched for functionality or security reasons; however, this brings a near continuous ingest of new software onto critical corporate systems – a threat vector in and of itself.

As companies assess these new threats to their business, they should consider the following:

· Should this software ever be trusted?

· What does it mean to deny or limit trust?

· What mitigations can be put in place?

2. Attacks will succeed. So invest in reducing the impact of a breach

Knowing the threat landscape constantly changes also requires accepting some attacks will inevitably get through. Supply chain attacks, for example, are notoriously difficult to intercept.

Technical analysis of new software or a patch in isolation will not prevent the ingest of malware. Nor will sandboxing new software for observation and analysis to find unexpected behaviours. How long should a company wait? What stimuli should be applied to the software to potentially provoke malevolent activity? For example, the well-known SolarWinds supply chain attack was extremely effective, despite these technical measures.

So, what can be done?

After a compromise, most technical capabilities attempt to reduce the attacker’s dwell time. Most of these are heuristic in nature, either through defined rules of previously known attacks or machine learning-based techniques that detect unusual behaviour.

The field of User and Entity Behaviour Analytics (UEBA) further tries to understand if humans, or malware acting as humans, attempt to perform actions outside of permitted or normal behaviours for the location, time and role of the user. All of these are useful insights into potentially harmful behaviour and help to limit the damage of an intrusion.
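As an added illustration of the location, time and role checks described above (example code, not from the article or from Raytheon UK), the following rule-based scoring routine in Python runs over constructed sample events; the per-user baselines, role-to-action lists and the weights given to each deviation are assumptions.

```python
from datetime import datetime, timezone

# Per-user baseline of normal behaviour (constructed sample data, an assumption):
# usual login countries, working hours in UTC and the user's role.
BASELINES = {
    "alice": {"role": "finance", "countries": {"GB"}, "hours": (7, 19)},
    "bob": {"role": "developer", "countries": {"GB", "DE"}, "hours": (8, 20)},
}
# Actions each role is permitted to perform (constructed, an assumption).
ROLE_ACTIONS = {
    "finance": {"login", "view_invoice", "approve_payment"},
    "developer": {"login", "git_push", "read_logs"},
}
# A role violation is a policy breach, so it weighs more than a location or time oddity.
WEIGHT_LOCATION, WEIGHT_TIME, WEIGHT_ROLE = 1, 1, 2


def score_event(event, baselines=BASELINES, role_actions=ROLE_ACTIONS):
    """Return (score, reasons) for one event: each deviation from the user's
    location, time or role baseline adds its weight to the score."""
    user = baselines.get(event["user"])
    if user is None:
        return 3, ["unknown user"]
    score, reasons = 0, []
    if event["country"] not in user["countries"]:
        score += WEIGHT_LOCATION
        reasons.append(f"location {event['country']} outside baseline")
    hour = datetime.fromisoformat(event["ts"]).astimezone(timezone.utc).hour
    start, end = user["hours"]
    if not start <= hour < end:
        score += WEIGHT_TIME
        reasons.append(f"time {hour:02d}:00 UTC outside working hours")
    if event["action"] not in role_actions[user["role"]]:
        score += WEIGHT_ROLE
        reasons.append(f"action {event['action']} not permitted for role {user['role']}")
    return score, reasons


# Constructed sample events, not real logs.
SAMPLE_EVENTS = [
    {"ts": "2024-03-04T10:15:00+00:00", "user": "alice", "country": "GB", "action": "view_invoice"},
    {"ts": "2024-03-04T03:40:00+00:00", "user": "alice", "country": "RU", "action": "approve_payment"},
    {"ts": "2024-03-04T11:05:00+00:00", "user": "bob", "country": "DE", "action": "approve_payment"},
]


def triage(events, threshold=2):
    """Return (score, reasons, event) for events at or above the threshold, highest score first."""
    flagged = [(s, r, e) for e in events for s, r in [score_event(e)] if s >= threshold]
    return sorted(flagged, key=lambda item: -item[0])
```

Of the three sample events, the in-hours, in-country invoice view scores 0, the night-time approval from an unfamiliar country scores 2, and the developer's payment approval scores 2 on the role rule alone, so the last two are surfaced for an analyst.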

3. A “Zero Trust” security posture can significantly slow down a breach.

All these mitigating strategies are techniques applied post compromise. They try to reduce the dwell time of malevolent activity. But acknowledging that these events will continue to occur means strategies must be devised to ensure that compromise in one part of your system does not automatically mean that all your systems are compromised.

The principles of Zero Trust, articulated by the UK government’s National Cyber Security Centre and the US Defense Information Systems Agency, address these aspects of defence. Ensuring least privilege for the least amount of time, segmenting network assets appropriately and requiring constant authentication to access assets puts a further barrier in place. This slows down adversaries and improves the chances of detection, so that mitigating actions occur before data or control is ceded to attackers.

Moving towards a Zero Trust Architecture provides incremental improvements to your security posture.

4. Maintain a multi-faceted approach.

Perimeter-based defence can no longer be the bastion network managers rely on to prevent compromise. Instead, using many techniques and technical controls helps make it harder for bad actors to achieve their goals.

Humans are the best line of cyber defence, but humans do make mistakes under pressure, or because a sophisticated attacker tricks them into error. It is therefore important to consider your network assets, segment them appropriately, and introduce technical controls that help to ensure the least amount of harm can be done. No single element of any part of this process can be ignored, because each element of protection aids the others, thereby reducing the number and effectiveness of attacks. It is this multi-faceted approach that provides the best hope.

Raytheon UK protects its own networks based on these principles, applying our knowledge of market-leading products and our own cyber expertise to provide advanced protection that is appropriate to the data and risk profile of the organisation. This keeps our customers’ and our own data safe.

5. Take a continuous, risk-based approach to security based on your needs.

Compliance and risk management regimes set by the PCI Security Standards Council or NIST/CMMC, or basic checklists like the National Cyber Security Centre’s 10 Steps to Cyber Security, are a great place to start when defining processes, controls and protections.

Compliance, however, does not assure security. In the current climate, where vulnerabilities are discovered, bought and sold at an alarming rate, organisations should take a continuous, risk-based approach to security based on their own specific profile.

Organisations can attain an extremely high level of protection through adopting straightforward cyber hygiene. But even then, for UK Critical National Infrastructure and those industries supporting them, there is direct evidence of very sophisticated actors breaking through. Therefore, never let your guard down, or assume you have sufficient protection to defeat all adversaries. Pride comes before the fall.
