Few areas of technology change as aggressively or have as much citizen impact as cyber security. Managing the risk of disruption from cyber attack relies on an organisation having a solid understanding of what cyber security is in the first place, how it is evolving and where attackers are heading next.
In this environment, where organizations are under constant risk from continuously evolving threats, a conventional approach to cyber security concerned with simply hardening systems against attack is often not enough. A truly security-focused enterprise is one that is able to learn and adapt to changes. This dynamic, multi-layered protection adapts to attacks and, in some cases, anticipates hacks before they happen, moving cyber security to a proactive, instead of a reactive, standing. Importantly, this level of maturity enables better protection against even the most sophisticated and regular Advanced Persistent Threats.
This proactive approach to cyber security relies on two key components – an intelligence-based view into advancing cyber protection and a robust and repeatable methodology to block an adversary across the multiple stages of an attack. The Intelligence-Driven Defense® approach and Cyber Kill Chain® methodology pioneered by Lockheed Martin are two such methods adopted by many of the world’s leading Government, Military, Energy, Financial, Pharmaceutical and Enterprise organisations.
The digital landscape presents a continual challenge to the operators of both Enterprise IT and, of particular importance for the MENA region, critical national infrastructure found in the oil and gas, utilities and transport sectors. In tandem with the platform, a clear understanding of how best to protect the network, and staying up to date with the latest threat actors, are critical. At every level it is key to have detail of the who, what, where, when, why and how as it relates to cyber defence.
Who is most likely to attack and what method are they likely to use?
In the cyber realm, these are known as ‘threat actors’ and ‘attack vectors.’ If you understand how these elements function in an attack, what mechanisms they are likely to use and how they may have been repelled before, you can deploy the proper controls to prevent intrusion.
What information or systems are they trying to access?
In the world of information security, this could be sensitive or classified information, competitive intelligence or even personal information that could be exploited. In the realm of critical infrastructure it could be the systems that control production, water desalination or command and control platforms targeted for attack. In either scenario, protection of the high value information and assets is key.
Where is the attacker likely to get access?
For cyber analysts, it is critical to look at where there are points of entry in the system, whether they are being used to access information today or how those entry points might be compromised in the future. Reducing entry points clearly simplifies the process.
When are they likely to attack?
Understanding attack patterns, whether they’re seasonal, at certain times of day or around specific events, will lead to more informed decisions. Even failed attacks should be considered and evaluated in the initial design or ongoing operations of a system. They can give clues on an attacker’s ultimate intentions, a specific fingerprint unique to a campaign, region or adversary.
Why are they looking to access this information or system?
From denial of service to extraction of information or system failure, the actionable objective of any cyber attack can vary hugely. Some may be looking only for access that can be sold to a third party, others a sustained and concerted attempt to damage and disrupt infrastructure. It is key to understand not only the type of threats you are facing but also the outcome they are looking to enable.
How can you stop this type of attack?
In cyber, people focus on a single control – like a great lock for their front door – when they are leaving the window wide open next to it. The design and build of a system to be hardened and secure is reliant on a continuous cycle of operate, run and maintain on an ongoing basis. Organisations should look to remove single points of failure in their defence.
Adding to this complexity is the fact that cyber security doesn’t exist in a vacuum. The ever-changing landscape of IT and critical national infrastructure continuously adds complexity to our ability to maintain data and network integrity from attacks. Cloud and mobile computing, telecommuting policies, the very nature of working in a fully international and internet-connected environment all create a wildly diverse set of additional challenges. Leaders need to have full confidence in the cyber methodology in use as any weak link in the chain can put your entire information security infrastructure and company at risk. The Lockheed Martin Cyber Kill Chain® and Intelligence-Driven Defense® methodology is trusted by Governments, Defence agencies and commercial organizations across the world to protect their most vital assets.