Authored By: Gavin Chow, Fortinet’s Network and Security Strategist for Asia Pacific
Given that impactful, sustained, and scalable cyberattacks require significant planning and development, the most likely scenario is one that leverages existing techniques, such as ransomware and denial of service attacks.
However, we cannot rule out the possibility of Sleeper Agent attacks, whereby malicious cyber implants are placed in key systems during "peacetime" and activated through remote control during a crisis.
Here are six essential steps companies can take to prepare for cyberattacks:
Segment your Network
Critical assets should be divided into well-protected domains and intent-based segmentation should be employed to ensure that devices, assets, and data that are constantly moving into and out of the network are dynamically allocated to the appropriate segment based on policy. An effective segmentation policy ensures that a failure in one domain does not become catastrophic by spreading to other areas of the network.
Maintain Redundant Communications Options
Maintaining open communications with the distributed elements of your network is essential. Traditional WAN models are highly vulnerable to things like DDoS attacks. SD-WAN’s secure networking capability, on the other hand, allows organizations to dynamically change communication paths based on a variety of factors, including availability.
Safeguard Critical Data
Given the high rate of ransomware attacks, every business should be regularly backing up critical data and storing it offline. That data should also be regularly inspected for embedded malware. In addition, organizations should run regular drills to ensure that backed up data can be quickly redeployed into critical systems and devices to ensure that networking can get back to normal as quickly as possible.
Leverage Integration and Automation
A platform approach to integrating security devices ensures that they can share and correlate threat intelligence as well as seamlessly participate as an integral part of any coordinated response to a threat. In addition, Endpoint Detection & Response (EDR) and Security Orchestration Automation & Response (SOAR) provide the ability to quickly detect, orchestrate, and automatically respond to an attack.
Inspect Electronic Communications
E-mail remains the most common attack vector for infecting devices and systems with malware. In addition to aggressive end user training on how to detect and respond to phishing attacks, secure email gateways need to be able to effectively identify and inspect suspected malicious email attachments to test for potential threats in a safe environment, such as a sandbox. Likewise, Next-Generation Firewalls need to be deployed inside the network perimeter to examine encrypted internal communications to find malicious software and hidden command-and-control implants.
Subscribe to Threat Intelligence Feeds
Subscribing to several threat intelligence feeds, along with those belonging to regional or industry based ISACs enable you to stay up to date on the latest threat vectors and malicious malware. By ingesting this intelligence and integrating it into an integrated security platform, organizations can highlight threat indicators that are most likely to impact the network and industry to not only block them when detected, but to prevent them from ever entering the specified network in the first place.
To effectively defend ourselves against cyber-attacks, everyone needs to work together as a team to prevent, detect, and respond to threats. This includes the Malaysian Communications and Multimedia Commission (MCMC), Technology Crime Investigation Unit under the Commercial Crime Investigation Division (CCID) of the Criminal Investigation Department in Bukit Aman, CyberSecurity Malaysia, as well as The National Tech Association of Malaysia (PIKOM).
Their involvement should then be combined with an effective cyber response strategy that engages critical team members to protect resources and quickly recover from an attack using backed up data and isolated resources.