Enterprise security teams have found themselves in a seemingly endless cat-and-mouse game with increasingly sophisticated and well-connected networks of cybercriminals. Until recently, many malicious hackers worked together in a clandestine fashion (e.g., on the Dark Web), but a new trend is emerging in which cybercriminals brazenly advertise their skills out in the open, through social media or a simple Web search, according to CUInfoSecurity. While this may feel like a slap in the face, enterprise security teams can actually take advantage of this new bravado to better position themselves against cyberattacks.
Know Your Enemy
One key to developing a successful approach can be summed up in the words of Sun Tzu, author of The Art of War, when he said, "Know your enemy and know yourself and you can fight a hundred battles without disaster."
The fact is that cybercriminals are sharing their skill sets and success stories openly to attract other hackers with complementary-although nefarious-competence to carry out highly sophisticated and complex cyberattacks. This information can provide key insights to security teams. With proper due diligence, security teams can learn more about the potential process of a security breach, how the cybercriminals work together, and then develop a counterstrategy to prevent and mitigate an attack. These efforts should not only focus on prevention, especially since many organizations don't even realize they have been breached for weeks or even months after the fact. By gaining an understanding of how malicious hackers work together after the initial infiltration, enterprise security teams will ultimately be better equipped to mitigate the damage before it becomes detrimental to the business.
Tips to Stay Ahead of Cybercriminals
In addition to understanding how malicious hackers collaborate to carry out large-scale security breaches, organizations should learn how to act like them. There are several ways to approach this, including the following:
- Embracing Change: One technique attackers use is creating malicious codes or techniques that morph into something different before they can be detected. Although it isn't always easy, changes to the IT environment will inevitably throw attackers off the more static systems they like to exploit.
- Continuous Monitoring: To carry out a successful attack, hackers start by watching every move users make. By deploying proactive infrastructure- and application-monitoring tools, security teams can detect any irregular or suspicious activity that may be signs of a compromise.
- Building More Secure Applications: While there are many tools to secure critical business data at the network level, many cyberattacks exploit vulnerabilities at the application level. By building applications with security in mind from the ground up, enterprises create another line of defense for bad actors who have already figured out how to breach standard off-the-shelf applications.
- Multidimensional Analytics: Attackers make a business of observing their victims' digital activity, and enterprises should do the same. No matter how clever the hackers are, they will inevitably leave a trace of their malicious activity. With multiple types of analytics tools, enterprises can more quickly detect automatically detect anomalies that indicate compromise.
- Education and Awareness: Malicious hackers largely count on unwitting employees falling for well-disguised phishing tricks. By educating employees on what to look for before clicking on links, enterprises can create yet another line of defense against initial intrusions.
Enterprise security teams won't have to play catch-up with cybercriminals if they learn to think like them. By gaining a full understanding of attackers' increasingly sophisticated and well-published capabilities and how they work together to execute attacks, enterprises have a fighting chance to prevent or mitigate damage or loss.
Category: RSA Fundamentals, Blog Post
Keywords: Cybercriminals, Detection and Response, Education