We started this series by discussing the notion of living in a world of digital pathogens and then talked about cybersecurity and external attack surface management. Now would be a good time to talk about what we can do when bad things inevitably happen to nice networks.
First, we should establish some hard facts. The number of cybersecurity vulnerabilities in any given network is directly proportional to the likelihood that an attacker will infiltrate and ultimately infect the organization. Breaches happen with increasing frequency as networks and connectivity grow. The primary concern is how long those vulnerabilities have existed and, if the bad actors have made it into the network, how long have they been there.
Knowing how long an attacker has had unfettered access to a network can be challenging to determine, but it is certainly not impossible. What is of great concern to any organization is a sophisticated attacker that enters a network and spreads out to as many organizational nodes as possible, dropping infections and back doors along the way and studying the organization over time.
Ransomware has proven to be a lucrative business model for today’s sophisticated cybercriminals. In this world, it is essential to know when and how to activate the ransomware to guarantee the greatest return in the shortest time. For example, dropping a payload on a system without locking up the backup servers may result in nothing more than a very annoying inconvenience for an organization. They will be scrambling to restore systems from known good backups, which hopefully exist. No, that will not do in the sophisticated world of advanced ransomware. As a bad actor, you want to be sure that you have had enough time to effectively cripple everything. Everything except the connectivity that your victim needs to send you some hard-earned Bitcoins.
Digital pathogens are much like cancer. If you don’t do what you need to do to prevent it in the first place and are vulnerable, you are going to get it. Even if you do your best to secure everything, you may still get hit just by being unlucky. But, if you detect it early enough, there is usually a good chance you will survive the attack and do what is needed not to be vulnerable to future episodes of that nature. If you do not catch it early enough, it may be game over for your organization.
To summarize, what this means is that it is critically important to understand how vulnerable an organization is externally and internally. It is also vital to detect this early enough to prevent a digital infection or stop it before it is too late.
It is a simple concept when you think about it. Putting this concept into practice, however, is the key to success.