Given that effective, sustained, and scalable cyber attacks require a high level of planning and development, the most likely scenario is one that uses existing methods, such as ransomware attacks and denial-of-service attacks. However, we cannot exclude the possibility of “Sleeper Agent” attacks, in which malicious code is placed in key systems in “peacetime” and activated remotely during a crisis.
The question is how to prepare for any of these incidents. Most likely, the targets of such an attack will range from government facilities to large commercial organizations and critical infrastructure. Of course, companies face familiar threats every day, so any actions taken to address them should already be part of any security strategy.
Six steps you can take now
There are six main steps an organization must take to prepare for any cyber attack and protect its digital assets:
Segment your network. Critical assets should be divided into well-protected domains. In addition, it is important to use goal-based segmentation to ensure that devices, assets, and data that are constantly moving in and out of the network are dynamically allocated to the appropriate segments defined by the network’s internal policy. The latter ensures that a failure in one domain will not be catastrophic if it spreads to other domains.
Establish and maintain backup communication options. Maintaining open communications with distributed elements of your network is important. Traditional WAN models are very vulnerable to things like DDoS attacks. On the other hand, secure SD-WAN capabilities allow organizations to dynamically change data exchange paths based on various factors, including availability.
Protect critical data. Given the high level of ransomware attacks, each organization should regularly back up critical data and store it offline. These files should also be checked regularly for embedded malware. In addition, organizations should conduct periodic exercises to ensure that data backups can be quickly transferred to critical systems and devices so that the network can return to normal as quickly as possible.
Integrate and automate. The approach of integrating devices into a single security platform ensures that all parts of the system can exchange and compare threat data, as well as seamlessly become an integral part of any coordinated threat response. In addition, the endpoint Detection & Response (EDR) and security Orchestration Automation & Response (SOAR) functions enable rapid detection, management, and automatic response to an attack.
Check the electronic communication tools. Email remains the most common attack vector for infecting devices and systems with malware. In addition to intensive training for end users on how to detect and respond to phishing attacks, secure email gateways should be able to effectively detect and check suspicious malicious email attachments in a secure environment, such as a sandbox. Similarly, next-generation firewalls (NGFW) should be deployed inside the network perimeter to check internal encrypted communications for malware and hidden command and control implants.
Subscribe to channels that contain information about threats: Subscribing to a number of channels that contain information about threats collected from different sources, along with belonging to regional or industry ISAC, allows you to be aware of current attack vectors and new malware. By using this data and embedding it in an integrated security platform, organizations can identify threat indicators – malware signatures that are most likely to affect your network and industry. This way you can not only block them when they are detected, but also prevent them from entering your network in the first place.
Cybersecurity is a team sport
To effectively defend against a targeted cyberattack, everyone must work together as a team to prevent, detect, and respond to the threat in time. This includes everything and everything from the country’s national defense capabilities to local consortia of businesses and industries, communities of cybersecurity solution providers such as the Cyber Threat Alliance. This must be combined with an effective response strategy that involves critical team members to protect resources, quickly recover from an attack using data backups and isolated resources, and attract support from agencies.