Six effective antidotes to modern cyber adversaries

Issue 6 2023 Cyber Security


Armand Kruger.

In the ever-evolving landscape of cybersecurity, it is evident that we are no longer facing the hackers of yesteryear, but a formidable breed of modern adversaries. As the head of cybersecurity at NEC XON, I have witnessed the transformation from hooded hackers to a sophisticated dark economy that poses unprecedented threats and is run like a business. The question is not whether you have security measures in place, but rather where your vulnerabilities lie.

Today's adversaries demand a disruptive and ruthless response, or businesses risk severe consequences. A recent incident involving the South African Department of Defence serves as a chilling reminder where a ransomware group publicly flaunted stolen data as proof of their capability. When signs of a threat actor emerge, defenders must act decisively. To counter these threats effectively, organisations need to adopt a multi-faceted approach. Here are six high-level steps (based on my daily experience as a cybersecurity leader helping large organisations) to bolster your cyber defences.

1. Create risk-based cyber security awareness: In an era of advanced security solutions, adversaries seek the path of least resistance. Unfortunately, that often leads them to exploit the human factor. Your workforce is the weakest link and biggest attack vector in your defence chain. Different departments require varying levels of training due to their interactions with potentially untrusted external parties. Finance, procurement, sales, legal, logistics, PR, and marketing teams are all susceptible to social engineering. IT personnel, holding elevated privileges over critical business systems, demand even more intensive training.

2. Reduce perimeters: Threat actors are adept at pinpointing weak entry points. You inherently limit their attack surface by reducing your perimeter and minimising internet-facing systems. Regular hygiene controls and stringent measures can make infiltration costly and complex. Defenders regain control by focusing on making it exceedingly difficult for adversaries to breach their defences. The age-old concept of massive walls and gates in cybersecurity still holds value, but modern adversaries seek to steal the remote rather than breach the gates - it’s much easier to get in that way.

3. Extend multi-factor authentication across your estate: Multi-factor authentication (MFA) is an indispensable tool that must be extended to all applications, regardless of their location (cloud or on-premises). This strategy thwarts cyberattacks even after unauthorised access is obtained. MFA not only restricts movement within your IT estate but also enhances the ability to detect intrusions. Suspicious activity can be flagged early, offering defenders an upper hand.

4. Use endpoint detection and response (EDR): The age of sophisticated administration by modern adversaries demands a shift from traditional malware-focused detection to anomaly and behaviour-based approaches. EDR solutions detect anomalies in asset behaviour and alert cybersecurity teams promptly. Adversaries often mimic legitimate user actions, rendering standard detection measures inadequate. Behaviour-based detection detects abnormalities beyond malicious software, expediting response times.

5. Implement a multi-faceted privileged access strategy: Privilege-based access limits the blast radius in case of a breach. By closely monitoring and sealing unauthorised pathways, you confine them to a controlled environment. Role-based access significantly hampers their movement, as each identity is restricted to systems relevant to their function. Even if an adversary gains access, their ability to navigate and cause damage is severely restricted.

6. Deploy a defence-in-depth architecture: A robust defence-in-depth architecture establishes a symbiotic relationship between prevention, detection, and response. An attacker bypassing a specific prevention measure doesn't equate to a successful compromise. Effective detection and swift response can mitigate the impact. This approach also reduces the blast radius of an attack and limits communication between the threat actor and compromised machines.

In summary, cybersecurity is fundamentally about risk management. As demonstrated by a recent incident involving Uber, overlooking even a single aspect, such as internal multi-factor authentication, can result in severe consequences.

The dynamic nature of threats necessitates continuous strategy refinement. While building a robust perimeter is crucial, understanding the modern adversary is equally vital. Their goal is not to breach your defences but to silently steal the keys to your kingdom. Incorporating these strategies fortifies your defences by narrowing attack vectors, bolstering employee awareness, and establishing responsive measures. In the world of cybersecurity, it's not a matter of ‘if’, but of ‘when’ an attack will occur. The key lies in being prepared and resilient in the face of adversity.

Learn more at www.nec.xon.co.za.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Protect your financial assets from unknown online threats
Products Cyber Security Financial (Industry)
Malicious actors employ a myriad of sophisticated techniques, such as hacking, phishing, spamming, card theft, online fraud, vishing, and keylogging, among others, to exploit unsuspecting individuals and gain unauthorised access to their financial resources.

Read more...
Cyber incidents result in a 9% decrease in shareholder value
News Cyber Security
Aon published its 2023 Cyber Resilience Report, revealing that, on average, a significant cyber incident resulted in a 9% decrease in shareholder value – over and above the market – in the year following the event.

Read more...
Automated ransomware recovery
Products Cyber Security
Organisations can now automatically recover from ransomware attacks with the capabilities in Cisco XDR, where the company is adding recovery to the response process by including infrastructure and enterprise data backup and recovery vendors.

Read more...
NIST’s impact on cybersecurity
Cyber Security
Through its NIST Cybersecurity Framework, the non-regulatory agency empowers organisations to take a proactive approach towards managing and mitigating cyber risks, enabling them to stay resilient against the ever-evolving threat landscape.

Read more...
Best practice tips for strengthening data privacy system
Security Services & Risk Management Cyber Security
International cybercriminals are increasingly targeting South African organizations, making data privacy more difficult to maintain. A standardization expert offers insight to help combat this threat.

Read more...
AI-powered cyber protection for consumers
IT infrastructure Cyber Security
Acronis Cyber Protect Home Office is designed for the evolving landscape of cyber threats by integrating Acronis' cyber protection and secure backup solutions, combining AI-powered defence mechanisms, robust data backup, remote management tools, and mobile device protection.

Read more...
A surge of cybersecurity for the energy sector
Government and Parastatal (Industry) Cyber Security
With a rapid transition towards renewable energy, the energy sector has an increased reliance on technology. This makes it particularly vulnerable with regards to cybersecurity, as it depends on interconnected systems and digital technologies.

Read more...
Secure backup strategies imperative for business continuity
IT infrastructure Cyber Security
Cybercrime is on the rise, and businesses need to adjust how they manage their data to fend off attackers, or risk irreparable damage, writes Lisa Strydom, Senior Manager Channel and Alliance for Africa at Veeam Software.

Read more...
CHI selects NEC XON as trusted cybersecurity partner
News Cyber Security Industrial (Industry)
CHI Limited, Nigeria's leading market player in fruit juices and dairy products, has engaged in a strategic cybersecurity partnership with NEC XON, a pan-African ICT systems integrator.

Read more...
Mitigating escalating DDoS cyberattacks
Cyber Security
As cyberattacks, particularly those of the Distributed Denial of Services (DDoS) variety, continue to rise at an unprecedented rate across Africa, it is no longer a question of ‘if’ your organisation will be targeted, but rather ‘when’.

Read more...