Pre-empting Advanced Cyber Attacks – The Fifth Domain Warfare
“Cyberspace will become a main front in both irregular and traditional conflicts. Enemies in cyberspace will include both states and non-states and will range from the unsophisticated amateur to highly trained professional hackers. Through cyberspace, enemies will target industry, academia, government, as well as the military in the air, land, maritime, and space domains. In much the same way that airpower transformed the battlefield of World War II, cyberspace has fractured the physical barriers that shield a nation from attacks on its commerce and communication.”
~US Joint Forces Command~
Cyberwarfare that is politically or economically targeted at key organizations, industries or government departments to inflict maximum damage, sabotage or espionage is the new-age methodology of information war. The Economist, in one of its reports, warns of China winning “informationised wars” by the mid-21st century. Other countries like Russia, Israel and North Korea have organized cyberwarfare cells. Iran, incidentally, boasts of having the world’s second largest cyber army.
Considering the massive security breaches that have been happening worldwide in recent years, organizations along with their governments are all out to beef up their cyber security systems and defend national and organizational network interests from rogue infiltration and breaches. What security experts are exploring is foolproof intelligence reporting drawn from the huge amounts of data that are available via sensors and monitors on global networks. Such intelligence can predict attacks, identify them and provide proactive defense to pre-empt them.
As information is circulating about advanced hacking of media organizations such as The New York Times, The Wall Street Journal and social networking site Twitter, a blog post by Lawrence Pingree, research director at Gartner, highlights some recent Gartner research that provides advice on how to avoid these types of advanced targeted attacks (ATA).
“While nation states can pose a larger threat than many other types of cyberattackers, the most sophisticated and advanced targeted threats are frequently developed by financially motivated attackers — the funding of ATAs at the nation-state level is not a necessary requirement as many of the latest tools and techniques are freely shared in the hacker underground,” said Mr. Pingree. “Organizations must continue to set the security bar higher, reaching beyond many of the existing security and compliance mandates in order to either prevent or detect these newly emergent attacks and persistent penetration strategies.”
Mr. Pingree recommends the following strategies for dealing with ATAs:
1. Security program managers need to take a strategic approach with tactical best-practice technology configurations in order to properly address the most common advanced targeted attack scenarios to increase both detection and prevention capabilities.
2. Start by shutting down the low-hanging vulnerabilities that adversaries will target to deliver the ATA.
3. To reduce the impact of social engineering attacks, ensure that end users do not have administrative access; and when IT administrator access is required for system administration, perform these functions on isolated systems that are not used for email or Web browsing.
4. Focus on unifying security controls through context awareness to consistently enforce security throughout the infrastructure with concerted security responses across multiple security controls.
5. Implement security information and event management (SIEM) capabilities. The monitoring and analysis of the output of security controls is as important as the operation of the security controls themselves.
6. Acknowledge that not all threats can be prevented and, therefore, the speed to resolution upon detection is also critical. Improve incident response processes.
Cyber-attacks, malware, and data leakage constantly threaten IT. Cloud-based security services are key to the future of defense, but providers must continually improve.