This article identifies the most impactful mitigation strategies in use today. IT leaders can apply many of these to harden their defenses against the tactics most commonly used by malicious code.
Background: Colonial Pipeline, JBS, Baltimore Schools, SSA
Cybersecurity breaches increased in severity, scope, and frequency in 2020 and 2021. Even organizations deemed critical to national infrastructure and security have been forced offline for days. Some of the most recent:
- Colonial Pipeline
- JBS meat
- Baltimore County Public Schools System
- Steamship Authority (SSA)
These are only the most widely publicized attacks. Smaller organizations close their doors all too frequently because of cyberattacks; they do not have the resources to withstand downtime, ransom, and cleanup costs.
Goals of this article
Small and Mid-Size Businesses (SMBs) need a practical, low-cost mitigation strategy. This article will present a list of items for IT leaders. Some of these will be easy to implement immediately. Others might require discussion or pose a challenge for some organizations.
Each mitigation independently increases the difficulty of breaching your organization; none depends on the others. Apply what you can, and move on.
The primary goal is to shift your posture from wait-and-see to responsiveness.
To this end, we also discuss methodology. IT leaders can make changes to customize for their organization and adapt to emerging trends.
How to Think about Cybersecurity Mitigation in 2021
Years ago, cybersecurity professionals tended to treat private networks as protected spaces and invested all their resources at the endpoints to prevent entry. These days we take a more nuanced, multi-gate approach referred to as Zero Trust.
The idea is not to imagine that we can create an impenetrable barrier that no hacker could beat. Instead, we must admit the possibility that malicious code could find its way onto our systems. Unfortunately, recent security breaches make this scenario all too plausible.
Once we admit the possibility of compromise, we can act immediately to reduce the potential damage: limit what the malicious code can do, slow its progress, identify it, and expel it from the system. In the event of a breach, this gives us a high likelihood of dealing with it before significant damage is done.
Methodology
We have chosen a straightforward, transparent methodology that any organization will be able to emulate and/or modify.
The Mitre ATT&CK® Framework
Mitre ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK® knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
Mitre updates the knowledge base frequently with new tactics and techniques used in recent cyberattacks. They also publish a list of mitigations that IT can apply. The entry for each mitigation lists the tactics and techniques it impacts.
Our methodology was simple. We took the full list of mitigations and scored them by the number of tactics and techniques impacted. We published our results as a downloadable spreadsheet: Cybersecurity Mitigations by Efficacy, 2021.
The results show clearly that some mitigations, such as Privileged Account Management, Pre-compromise, and User Account Management impact up to 10% of total techniques, whereas many affect fewer than 1%.
How to Apply Cybersecurity Mitigations
- Open Cybersecurity Mitigations by Efficacy, 2021. We encourage you to make your own copy.
- Mitigations are organized by name, with descriptions and, most importantly, the URL where each mitigation is discussed at length.
- Navigate to the mitigation URL.
- Create three buckets:
  - Changes that can be made immediately.
  - Changes that require more complex implementation but are not resource intensive.
  - Changes that are too resource intensive to consider at this time.
- Execute immediately where possible, and plan for the additional changes to be made as soon as possible.
Mitigation Strategy Ideas
The Cybersecurity Mitigations CSV awards one point for each technique or tactic affected. This scoring methodology is simple by design; you might want to modify it.
Here are a few additional ideas to consider.
Harden your organization against specific software or groups
If your industry has been attacked by a specific piece of malicious software or a specific threat group, it will be easier to build buy-in for countermeasures against that threat.
Filter Mitre ATT&CK® by this group to identify its preferred tactics and techniques. Cross-reference those techniques with the mitigations that would prevent them.
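As an added example (not the article's or Platte River's own code), the following Python implements the scoring described under Methodology and the group-filtered cross-reference described above. The data is a constructed sample shaped like ATT&CK "mitigates" records: the mitigation names are those the article cites, while the technique IDs and the group are illustrative.

```python
"""Score ATT&CK mitigations by technique coverage, then restrict the
scoring to techniques one threat group is known to use.  All data below
is a constructed sample shaped like ATT&CK 'mitigates' records, not the
real knowledge base."""
from collections import defaultdict

# Constructed sample: one (mitigation, technique id) pair per relationship.
MITIGATES = [
    ("Privileged Account Management", "T1078"),
    ("Privileged Account Management", "T1021"),
    ("Privileged Account Management", "T1055"),
    ("User Account Management", "T1078"),
    ("User Account Management", "T1021"),
    ("Pre-compromise", "T1595"),
    ("Pre-compromise", "T1598"),
    ("User Training", "T1566"),
    ("Antivirus/Antimalware", "T1059"),
]
# Constructed sample: techniques a hypothetical group has been seen using.
GROUP_USES = {"Example Group": {"T1078", "T1021", "T1566"}}


def score_mitigations(mitigates, total_techniques=None):
    """One point per technique covered, as in the article's spreadsheet.
    The percentage uses total_techniques when given (the full matrix),
    otherwise the number of distinct techniques in the relationship list.
    Returns (mitigation, points, percent) sorted best first, ties by name."""
    covered = defaultdict(set)
    for mitigation, technique in mitigates:
        covered[mitigation].add(technique)
    total = total_techniques or len({t for _, t in mitigates})
    ranked = sorted(covered.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(m, len(t), round(100.0 * len(t) / total, 1)) for m, t in ranked]


def mitigations_for_group(mitigates, group_uses, group):
    """Cross-reference: keep only relationships whose technique the group
    uses, so the ranking reflects coverage of that group's tradecraft."""
    wanted = group_uses[group]
    return score_mitigations([(m, t) for m, t in mitigates if t in wanted])


if __name__ == "__main__":
    for row in score_mitigations(MITIGATES):
        print("%-30s %d techniques  %5.1f%%" % row)
    print("--- filtered to Example Group ---")
    for row in mitigations_for_group(MITIGATES, GROUP_USES, "Example Group"):
        print("%-30s %d techniques  %5.1f%%" % row)
```

Against the real knowledge base you would build the pair list from the "mitigates" relationships and pass the full technique count as total_techniques so the percentages match the spreadsheet's "share of all techniques".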
Target an attack segment
Mitre ATT&CK® Navigator maps tactics and techniques to attack segments. Perhaps you have identified core resources that you do not want breached under any conditions. Perhaps you want to raise the difficulty of the initial segments to discourage a fuller intrusion.
Use the Navigator to identify the tactics you would like to target. Then cross-reference them with the mitigations that cover the most territory with the least effort.
Join the Discussion on Cybersecurity
Cybersecurity Mitigations by Efficacy helps Small and Mid-Sized Businesses equip networks with effective and practical countermeasures to emerging cybersecurity threats.
If you have difficulty using our spreadsheet, or have comments or suggestions, please email david@platteriver.com or connect with us on LinkedIn.
Platte River Networks includes a comprehensive cybersecurity solution, including a full mitigation strategy, for all its managed IT customers. To learn more, see Intuition Security+ at www.platteriver.com.