Simply put, most enterprises don’t have the in-house expertise to battle government-backed cyber operations. It is neither advisable nor practical for businesses to go it alone when facing APT groups; most organizations have neither the budget nor the expertise to battle them in real time.
There is, however, protection in numbers. While nation-states continually fine-tune and expand their respective APT groups, security communities counter this by pooling the expertise and knowledge of security experts. Knowledge bases such as MITRE ATT&CK™ seek to stay abreast of the growing threat landscape.
These knowledge bases are designed to help organizations develop specific threat models and defensive strategies based on real-world attacks and observations. Those observations are organized by adversary tactic: initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, command and control, exfiltration and impact.
Innovation is Key
The security industry is witnessing new innovations as well, such as the United Kingdom’s Cyber Skills Immediate Impact Fund. This fund promotes neurodiversity to help close the security skills gap. The initiative taps into groups of people whose different and valuable abilities can improve cybersecurity, such as those on the autism spectrum and their puzzle-solving prowess.
However, initiatives like this alone will take years to provide the additional security talent required today. Ultimately, managed security solutions are the near-term answer. Cloud and service security providers represent the cornerstone for protecting businesses. Enterprises can never invest enough resources to stay ahead of the rapidly evolving threat landscape; however, cloud DDoS and service providers have both the scale and power of crowd-sourcing to supplement an organization’s in-house expertise to protect it from the most nefarious state-sponsored actor.
It is the security experts and SOC engineers at leading DDoS mitigation vendors who are best positioned to protect the IP of enterprises worldwide, not the hundreds of disparate IT managers who comprise the IT department of a Fortune 500 company.
Here are four key strategies that any and every organization should consider when mitigating the state-sponsored threat:
Train your employees. The first step in preventing these attacks is employee training. Your employees are the weakest link. Teaching them how to spot phishing and spear-phishing attempts can help prevent future attacks, even though these techniques can thwart even the most informed, well-prepared defenses. CISOs can still lower risk by regularly training and testing employees on proper cyber hygiene and awareness.
In addition, insider threats may be the biggest vulnerability to any enterprise. These threats are typically caused by opportunistic or disgruntled employees whose primary objectives are profit, company shaming or espionage.
If you believe that your organization is the target of an insider threat, contact the authorities immediately. If an employee is compromising your organization, move to limit that insider’s knowledge and access, and remove the employee from the property. Look for unauthorized hardware that may have been placed in your facilities. Items can include USB drives, rogue access points and other network hardware that can be plugged into existing devices.
Coordinate with law enforcement and other businesses. Sharing cyberthreat information among businesses and governmental organizations can help mitigate attacks from nation-states and enhances situational awareness. Monitor the threat landscape, and collaborate with industry bodies, law enforcement and government agencies to stay on top of attack patterns and trends.
A Cybersecurity Intelligence Agency. Data is the key. The future of automated security is evolving into an ecosystem of virtual intelligence that learns from big data, informs network perimeter defenses and then collects data from both perimeter and endpoint security as well as the network’s traffic flow — in real time and over long trend lines.
The sheer volume and expansive nature of the cybersecurity threat landscape, combined with the difficulties of information overload, mean that organizations need assistance. Enter your DDoS mitigation vendor, which should serve as an “intelligence agency,” providing unique, real-time intel on emerging nation-state threats for preemptive protection.
This data should come from your vendor’s global network of DDoS scrubbing centers, its team of security experts who assist its customers and its ability to leverage a global community of millions of users from which to collect live intelligence and analyze it via machine learning algorithms. Ultimately, knowledge is power.
Automation and Machine Learning. Given the breakout times that state-sponsored threats can now achieve, human diagnosis and mitigation are no longer enough. Mitigating these highly advanced state-sponsored attacks requires DDoS protection solutions that combine machine learning capabilities with negative and positive security protection models. Traditional DDoS solutions use rate limiting and manual signature creation to mitigate attacks.
Automation and, more specifically, machine learning overcome the drawbacks of those approaches by automatically creating signatures and adapting protections to changing attack vectors. Machine learning leverages advanced mathematical models and algorithms to look at baseline network parameters, assess network behavior, automatically create attack signatures and adapt security configurations and/or policies to mitigate attacks.
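As an added illustration of the contrast drawn above (this is not code from the original post or from any vendor product), the following Python example compares a static rate limit with a sliding-window baseline detector and then derives a simple signature from the request attribute whose share changed most during the anomaly. All traffic figures and User-Agent mixes are constructed for the example.

```python
from collections import Counter, deque
from statistics import mean, pstdev

# Constructed sample: requests per second (rps) for 15 seconds of normal
# traffic followed by 5 seconds of a flood that stays under a static ceiling.
NORMAL_RPS = [200, 210, 195, 205, 198, 202, 207, 193, 201, 199, 204, 196, 203, 200, 206]
ATTACK_RPS = [450, 520, 600, 610, 640]

# Constructed User-Agent mix per phase: {value: number of requests seen}.
NORMAL_UA = Counter({"Mozilla/5.0": 70, "curl/7.88": 5, "Safari/16": 25})
ATTACK_UA = Counter({"Mozilla/5.0": 20, "curl/7.88": 5, "python-requests/2.31": 75})

def fixed_rate_limit(rps, threshold=1000):
    """Traditional approach: a static per-second ceiling chosen in advance."""
    return rps > threshold

class BaselineDetector:
    """Learns the normal rate from a sliding window and flags deviations."""
    def __init__(self, window=10, sigmas=4.0):
        self.history = deque(maxlen=window)
        self.sigmas = sigmas

    def observe(self, rps):
        if len(self.history) < self.history.maxlen:
            self.history.append(rps)   # still learning the baseline
            return False
        mu, sd = mean(self.history), pstdev(self.history)
        anomalous = rps > mu + self.sigmas * max(sd, 1.0)
        if not anomalous:
            self.history.append(rps)   # only normal traffic updates the baseline
        return anomalous

def derive_signature(baseline_mix, attack_mix):
    """Pick the attribute value whose share of traffic grew most in the anomaly."""
    base_total, atk_total = sum(baseline_mix.values()), sum(attack_mix.values())
    shifts = {v: attack_mix[v] / atk_total - baseline_mix.get(v, 0) / base_total
              for v in attack_mix}
    value = max(shifts, key=shifts.get)
    return {"match": {"user_agent": value}, "share_shift": round(shifts[value], 2)}

def run():
    """Returns (rps, fixed_limit_hit, baseline_anomaly) per second plus the signature."""
    det = BaselineDetector()
    results = [(rps, fixed_rate_limit(rps), det.observe(rps))
               for rps in NORMAL_RPS + ATTACK_RPS]
    return results, derive_signature(NORMAL_UA, ATTACK_UA)
```

The static limit never fires because the flood stays below 1000 rps, while the learned baseline flags every attack second and the derived signature isolates the User-Agent that appeared only during the anomaly.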