Six effective antidotes to modern cyber adversaries

Issue 6 2023 Information Security


Armand Kruger.

In the ever-evolving landscape of cybersecurity, it is evident that we are no longer facing the hackers of yesteryear, but a formidable breed of modern adversaries. As the head of cybersecurity at NEC XON, I have witnessed the transformation from hooded hackers to a sophisticated dark economy that poses unprecedented threats and is run like a business. The question is not whether you have security measures in place, but rather where your vulnerabilities lie.

Today's adversaries demand a disruptive and ruthless response, or businesses risk severe consequences. A recent incident involving the South African Department of Defence serves as a chilling reminder where a ransomware group publicly flaunted stolen data as proof of their capability. When signs of a threat actor emerge, defenders must act decisively. To counter these threats effectively, organisations need to adopt a multi-faceted approach. Here are six high-level steps (based on my daily experience as a cybersecurity leader helping large organisations) to bolster your cyber defences.

1. Create risk-based cyber security awareness: In an era of advanced security solutions, adversaries seek the path of least resistance. Unfortunately, that often leads them to exploit the human factor. Your workforce is the weakest link and biggest attack vector in your defence chain. Different departments require varying levels of training due to their interactions with potentially untrusted external parties. Finance, procurement, sales, legal, logistics, PR, and marketing teams are all susceptible to social engineering. IT personnel, holding elevated privileges over critical business systems, demand even more intensive training.

2. Reduce perimeters: Threat actors are adept at pinpointing weak entry points. You inherently limit their attack surface by reducing your perimeter and minimising internet-facing systems. Regular hygiene controls and stringent measures can make infiltration costly and complex. Defenders regain control by focusing on making it exceedingly difficult for adversaries to breach their defences. The age-old concept of massive walls and gates in cybersecurity still holds value, but modern adversaries seek to steal the remote rather than breach the gates - it’s much easier to get in that way.

3. Extend multi-factor authentication across your estate: Multi-factor authentication (MFA) is an indispensable tool that must be extended to all applications, regardless of their location (cloud or on-premises). This strategy thwarts cyberattacks even after unauthorised access is obtained. MFA not only restricts movement within your IT estate but also enhances the ability to detect intrusions. Suspicious activity can be flagged early, offering defenders an upper hand.

4. Use endpoint detection and response (EDR): The age of sophisticated administration by modern adversaries demands a shift from traditional malware-focused detection to anomaly and behaviour-based approaches. EDR solutions detect anomalies in asset behaviour and alert cybersecurity teams promptly. Adversaries often mimic legitimate user actions, rendering standard detection measures inadequate. Behaviour-based detection detects abnormalities beyond malicious software, expediting response times.

5. Implement a multi-faceted privileged access strategy: Privilege-based access limits the blast radius in case of a breach. By closely monitoring and sealing unauthorised pathways, you confine them to a controlled environment. Role-based access significantly hampers their movement, as each identity is restricted to systems relevant to their function. Even if an adversary gains access, their ability to navigate and cause damage is severely restricted.

6. Deploy a defence-in-depth architecture: A robust defence-in-depth architecture establishes a symbiotic relationship between prevention, detection, and response. An attacker bypassing a specific prevention measure doesn't equate to a successful compromise. Effective detection and swift response can mitigate the impact. This approach also reduces the blast radius of an attack and limits communication between the threat actor and compromised machines.

In summary, cybersecurity is fundamentally about risk management. As demonstrated by a recent incident involving Uber, overlooking even a single aspect, such as internal multi-factor authentication, can result in severe consequences.

The dynamic nature of threats necessitates continuous strategy refinement. While building a robust perimeter is crucial, understanding the modern adversary is equally vital. Their goal is not to breach your defences but to silently steal the keys to your kingdom. Incorporating these strategies fortifies your defences by narrowing attack vectors, bolstering employee awareness, and establishing responsive measures. In the world of cybersecurity, it's not a matter of ‘if’, but of ‘when’ an attack will occur. The key lies in being prepared and resilient in the face of adversity.

Learn more at www.nec.xon.co.za.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Continuous security optimisation.
News & Events Information Security
Cymulate has announced its partnership with SentinelOne, a threat exposure validation and AI-powered cybersecurity platform. The collaboration delivers self-healing endpoint security that empowers businesses to increase protection for every endpoint on their network.

Read more...
Protect your smart home devices
Kaspersky IoT & Automation Information Security Smart Home Automation
Voice assistants, kitchen robots, smart lights and many other intelligent devices have become part of our everyday life. However, with the rise of smart technology comes the need for robust protection against potential vulnerabilities.

Read more...
ISPA’s take-down process protects from local scams
News & Events Information Security
During the recent school holidays, parents could rest a little easier knowing that ISPA, SA’s official internet industry representative body, is removing an average of three to four problematic websites from the local internet every week.

Read more...
NEC XON disrupts sophisticated cyberattack
Information Security
NEC XON recently showcased its advanced cyberthreat detection and response capabilities by successfully thwarting a human-operated ransomware attack targeting a major service provider.

Read more...
What’s your cyber game plan?
Information Security
“Medium-sized businesses are often the easiest target for cyber criminals, because they are just digital enough to be vulnerable, but not mature enough to be fully protected," says Warren Bonheim, MD of Zinia.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.