Strong territorial defense alone is not enough to combat today’s risks, as the Internet created another space for people to operate and to move beyond the physical world. Individuals, private companies and the public sector need to maintain a defensive posture when it comes to watching over their network boundaries.
Companies, governments and everyone using the Internet are fighting a cyberwar against very sophisticated and highly organized attackers. These entities are still working on their cybersecurity, which may range from a simple to a highly sophisticated defensive strategy. We believe that with the best cyberwarfare defensive strategy, entities of any size can be protected from the most advanced attackers. However, the attackers know how to defeat any run-of-the-mill defenses, and have asserted that they will eventually break into the enterprise.
Companies need to think about ways to stop the cyberwarfare attacks coming their way and work on security. How is this different from having a strong “defense”? Stopping an attack does not mean watching the attacker invade the network and praying that sufficient security measures will stop it.
If you want to stop the attack, switch the mindset. Instead of thinking about vulnerabilities, how about looking for the attackers’ weaknesses, tracking them, and stopping their operations? Basically, you learn how the attacker is moving and take advantage of it. This does not mean that you launch a preemptive or retaliatory attack of your own against the cybercriminals. In most cases, such action is illegal in many jurisdictions. Rather, defenders treat their own IT environment as a battlefield that they must protect. If possible, you should know what normal activity on your network looks like and have good visibility into your environment using various network-based tools. From this point of view, if there is an anomaly, it can be found and the hacker’s actions can be identified.
Having sufficient visibility into the IT environment and being able to identify infected machines is essential to stopping cyberwarfare attacks. To understand their environment better than attackers do, companies regularly perform reconnaissance within the environment, collect information and analyze it in real time. This information can be used to limit hacker behavior and allows companies to control the situation.
It is desirable to be able to see all the functioning elements of the hacking campaign and to immediately block the attacker’s access to the network. Fixing security threats one by one is not a useful way to protect your enterprise. Handled that way, hackers learn that they have been detected, and they have time to rethink their plans and find ways to circumvent protection. Stopping the attacker’s movement all at once gives the defender the element of surprise.
All you need is a military idea. This method may not be familiar to everyone, but let’s approach cybersecurity from a rather military-like perspective. One challenge that companies face is that security operations tend to fall under IT departments. People in the IT department are not chosen to respond to security issues in a military way. They tend to handle incidents on a case-by-case basis, and have not considered how to use the IT environment to stop attackers. Filling IT security roles involves assigning employees with a background in security. This includes people with experience in the military or in law enforcement agencies. They approach cybersecurity as a physical matter, from a perspective that is often overlooked in the current stance on how to stop cutting-edge attacks.
For most companies, cybersecurity stops at computers and servers and does not connect to physical security. In reality, however, the boundaries between cyber attacks and physical attacks are disappearing, and cyberwarfare is happening even if we choose not to engage with it directly or do not know it is happening. There are many talks, for example, that examine the security of medical devices and show how easy they are to break into. By insisting on this point, we would like to show the reality of current security rather than perpetuate fear. By stopping a cyber attack, a company can suppress hacking without ceding control to the attacker. The battlefield is becoming increasingly digital, but the methods used by the military and law enforcement agencies are still valid for cybersecurity.