Don't Get Caught on Your Heels: Be Prepared by Being Proactive
Recent events between the United States and Iran have increased our nation's concern around a cyberattack, acting as a reminder that preparation to defend against threats shouldn't be postponed.
By: Jake Dorval, Global Director - Secureworks Adversary Group
On January 6, 2020 the Department of Homeland Security issued a warning about the possibility of a cyberattack on U.S. targets and interests abroad. Following the U.S. drone strike that killed Iranian commander Qasem Soleimani, countless media outlets speculated about the risk of a cyberattack and how Iran might retaliate.
Although the details continue to unfold regarding this event, it is worth asking if the advice governments, media, and corporations are sharing is a solid long-term plan. It makes sense that during heightened global tensions, short-term reminders and recommendations to shore up security defenses take priority. Ultimately though, events like this serve as an important reminder that organizations must be on top of their security every single day – and that when action is only prioritized in the wake of a potential crisis, it could be too late to mitigate the impact of a destructive cyberattack.
Cyber-Defense is Not a Destination
Organizations should always be prepared to defend against potential online threats. As the saying goes, defenders need to be right every single time, while the attacker only needs to be right once. If organizations become complacent or postpone important security preparations, they become more susceptible to an attack. Whether the threat originates from Iran, China, Russia, the United States, or even from within your own organization, defending against online threats isn't an achievement you attain – it should be a continuous process that evolves and matures as the threat landscape changes. Sophisticated attackers are everywhere, and we always need to be ready to respond rapidly, not just during a potential crisis. It's rare to have advance warning that the risk of an attack has increased.
Roadmap to Cybersecurity Response Readiness
Organizations should not only have an incident response plan – it should be regularly updated and practiced. Training exercises should be conducted across your business units so that everyone knows their roles and responsibilities in the event of a compromise or online attack. Maintain proper cybersecurity hygiene to help prevent common (but still harmful) threat tactics such as phishing, DDoS attacks, credential theft, and malware delivery.
Some recommended steps to help be prepared include the following:
- Create and maintain offline backups
- Perform regular penetration testing to identify and remediate vulnerabilities
- Confirm proper visibility into your environments
- Conduct regular threat hunting engagements
- Closely monitor critical entry points to your network
- Patch regularly and strategically
- Reduce your attack surface by turning off unnecessary ports and services and by limiting external-facing assets as much as possible
The list goes on and on with preventative controls and defensive measures that should be regularly performed. Security practices cannot effectively mitigate risk if they are only addressed when increased risks hit the news cycle. These events may serve as reminders, but 24/7 vigilance is critical to protecting the business.
An Outside Perspective
Not every organization has the need or the resources for a full-time security operations center, and the industry's talent shortage makes staffing one harder still. Third-party security partners can help identify and address gaps that would otherwise leave vulnerabilities open for threat actors to exploit. If you're ready to test your defenses and better understand how you'd operate against an advanced adversary, talk with a reputable penetration testing team – a team that thinks and acts just like a real-world adversary. The insights that come from an in-depth penetration test will uncover weaknesses in your security armor, enabling you to strengthen your security posture before the bad guys can take advantage of them.
Think about it like this: you wouldn't take your car to the mechanic only before a very long road trip. Annual inspections and regular maintenance services are performed throughout the year to help prevent breakdowns and keep your ride smooth. The same is true for proactively preparing to defend your organization from a cyber threat. Iran is not the only adversary in the world. It isn't even the most sophisticated nation-state actor we could encounter. It is also important to remember that some of the most destructive threats can come from commonplace, commoditized tactics in our own backyard. Don't get caught on your heels. Make sure you are taking proactive steps to defend your organization every day, so that the next time cybersecurity risk is trending in the news, you know you've got your bases covered.