After looking at the emerging threat landscape and some of the most effective cyberattacks, it is time to turn to our own defense. The threat groups described earlier have everything they need to discover an organization's assets, find their vulnerabilities, and build their weapons accordingly. That is a serious concern for organizations that have not adapted, sometimes for decades, but a good number of bodies have achieved solid cyber hygiene and built effective defensive ecosystems. Let's look at some of these bodies, including governments and businesses.
Defender perspectives
Governments
Government electronic systems are targeted by foreign intelligence services seeking to gather intelligence. As governments adopt more interconnected technology, their attack surface grows with it, so it is important that government authorities get better at protecting their critical assets.
The United States (US)
On May 11, 2017, US President Donald Trump signed Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. It holds agency heads accountable for managing cyber risk, directs agencies to use the NIST Cybersecurity Framework, calls for better protection of critical infrastructure, and pushes the modernization of federal IT. The DoD has also published its own strategy for strengthening its cyber defense and cyber deterrence posture, built around three primary cyber missions: defending DoD networks, systems, and information; defending the US homeland and US national interests against cyberattacks of significant consequence; and providing cyber support to military operational and contingency plans. These are shown in the following screenshot:
To understand more about the DoD's strategy on strengthening its cyber defense and cyber deterrence posture, follow the link at https://www.defense.gov/News/Special-Reports/0415_Cyber-Strategy/.
The United Kingdom (UK)
With the National Cyber Security Strategy (NCSS) 2016-2021, the UK government set out its plan to make the country secure and resilient in cyberspace. The vision rests on three objectives:
- Defend: ensure that UK networks, data, and systems are protected and resilient, and that citizens, businesses, and the public sector have the knowledge and ability to defend themselves.
- Deter: detect, understand, investigate, and disrupt hostile action against the UK, pursuing and prosecuting offenders.
- Develop: build an innovative, growing cybersecurity industry and a self-sustaining pipeline of talent that provides the skills the UK needs across the public and private sectors.
To get an insight into the UK NCSS program, follow the link at https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021.
Europe
The European Union Agency for Network and Information Security (ENISA) serves as a center of expertise for member states and EU institutions on network and information security. Among its notable initiatives are the Annual Privacy Forum (APF), the ENISA Threat Landscape (ETL) report, and Cyber Europe, a pan-European exercise that rehearses the EU's response to coordinated cyberattacks.
In 2018, the General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC. Its key changes are increased territorial scope (it applies to any organization processing the personal data of EU residents, wherever that organization is located), penalties (up to 4% of annual global turnover or EUR 20 million, whichever is greater), consent, breach notification (to the supervisory authority within 72 hours), right to access, right to be forgotten, data portability, privacy by design, and data protection officers. To get an insight into each of these, visit the link at https://www.eugdpr.org/key-changes.html.
India
In February 2017, India's Computer Emergency Response Team (CERT-In) launched Cyber Swachhta Kendra, a botnet cleaning and malware analysis center whose goal is a secure Indian cyberspace, pursued by detecting bot infections on user endpoints and helping users clean them. To learn more about the program and how internet service providers and other bodies are helping the government reach this goal, visit the link at http://www.cyberswachhtakendra.gov.in/.
Corporate
With the rapid adoption of mobility, cloud, and IoT, businesses are more exposed to threats than ever. Some of the most popular trends, such as Bring Your Own Device (BYOD), raise both the likelihood and the impact of insider threats. Spending millions of dollars on preventive security never buys complete assurance, which has pushed organizations to explore emerging defensive technologies that detect and contain the advanced threats that slip past existing controls. In many multinational organizations, the Chief Information Security Officer (CISO) wears several hats at once, and in 2018 every CISO will be making critical decisions about their organization's security.
Some of these emerging defenses are described here.
Endpoint detection and response (EDR)
EDR is an endpoint-focused solution that continuously records endpoint activity so that threats can be detected, investigated, and contained. EDR solutions typically offer the following four capabilities:
- Detecting threats through continuous monitoring of endpoint activity (process, file, registry, and network events)
- Collecting and investigating that telemetry and correlating it with historical events from each endpoint
- Responding to confirmed threats, for example by isolating the affected endpoint from the network
- Terminating unauthorized processes and removing their artifacts to return the endpoint to a known-good state
Deception technology
Deception has been used in warfare since antiquity, through the world wars, and now in cyberspace. In a nutshell, deception technology lures attackers into decoy systems (honeypots) that have no legitimate production use, so any interaction with them is a high-fidelity signal of an intrusion rather than noise. With deception, enterprises can detect attackers early and gather insight into their behavior, tools, and artifacts, which in turn improves their defenses. Decoys can be deployed at multiple layers of the stack, including network devices, endpoints, applications, and planted credentials. For this to work, decoys must be convincing, isolated from production so that a compromised decoy cannot become a pivot point, and monitored closely.
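As an added example of application-layer deception (not code from the original text or from any product), the following Python mints decoy API keys (honeytokens) that encode which decoy they were planted in, protected by an HMAC so the detector can trust what it reads back from an attacker-supplied log field. The secret, decoy locations, key format, and log format are constructed for the example.

```python
"""Decoy (honeytoken) credentials as a small piece of deception technology.

Each fake API key encodes the decoy it was planted under plus an HMAC tag, so a
log line carrying that key tells the defender which decoy was touched, while
forged or garbled keys are rejected.  Secret, decoy names, key format, and log
lines are all constructed for this example.
"""
import base64
import binascii
import hashlib
import hmac
import re

# Assumption: the secret lives only with the defender (detection side), never
# on the hosts where decoy keys are planted.
SECRET = b"example-only-honeytoken-secret"
TAG_LEN = 8  # bytes of HMAC-SHA256 kept in each token


def mint_token(decoy_id: str, secret: bytes = SECRET) -> str:
    """Mint a decoy API key that names where it was planted."""
    ident = decoy_id.encode()
    tag = hmac.new(secret, ident, hashlib.sha256).digest()[:TAG_LEN]
    body = base64.urlsafe_b64encode(ident + tag).decode().rstrip("=")
    return "key_" + body


def identify_token(token: str, secret: bytes = SECRET):
    """Return the decoy id behind a token, or None if the token is not ours."""
    if not token.startswith("key_"):
        return None
    body = token[4:]
    try:
        payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except (ValueError, binascii.Error):
        return None
    if len(payload) <= TAG_LEN:
        return None
    ident, tag = payload[:-TAG_LEN], payload[-TAG_LEN:]
    expected = hmac.new(secret, ident, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None  # forged or damaged: never alert on attacker-chosen data
    return ident.decode(errors="replace")


# Constructed decoys: where each fake key is planted.
DECOYS = [
    "ws-017:/home/alice/.aws/credentials",
    "jenkins:config.xml",
]
PLANTED = {d: mint_token(d) for d in DECOYS}

TOKEN_RE = re.compile(r"\bkey_[A-Za-z0-9_-]+")
SRC_RE = re.compile(r"\bsrc=(\S+)")


def scan_log(lines, secret: bytes = SECRET):
    """Return (decoy_id, source) pairs for every use of a decoy key."""
    alerts = []
    for line in lines:
        for tok in TOKEN_RE.findall(line):
            decoy = identify_token(tok, secret)
            if decoy is not None:
                src = SRC_RE.search(line)
                alerts.append((decoy, src.group(1) if src else None))
    return alerts


# Constructed API-gateway log: one use of each decoy, one legitimate key that is
# not a decoy, and one key forged without knowledge of the secret.
LOG_LINES = [
    f"auth.fail src=198.51.100.23 key={PLANTED[DECOYS[0]]} path=/v1/buckets",
    "auth.ok src=10.0.0.5 key=key_ZmFrZS1sZWdpdC1rZXk path=/v1/status",
    f"auth.fail src=198.51.100.23 key={PLANTED[DECOYS[1]]} path=/v1/deploy",
    f"auth.fail src=203.0.113.9 key={mint_token(DECOYS[0], b'wrong-secret')} path=/v1/buckets",
]

if __name__ == "__main__":
    for decoy, src in scan_log(LOG_LINES):
        print(f"ALERT decoy={decoy} used from {src}")
```

Because the decoy id is carried in the token itself, the detector needs no database lookup to know which planted credential was stolen, and the HMAC stops anyone from spraying fabricated `key_` values into logs to trigger false alerts. A real deployment would also rotate the secret and record the first time each decoy fires.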
Cyber threat intelligence (CTI)
CTI is evidence-based knowledge about adversaries: their capabilities, infrastructure, and tactics, techniques, and procedures (TTPs). In practice it is often delivered as indicators of compromise (IOCs) such as malicious IP addresses, domain names, and file hashes. IOCs allow fast detection but are cheap for an adversary to change, so intelligence about TTPs is more durable. It is critical for organizations to understand their own assets, people, and each connected third party so that they can prioritize the intelligence relevant to them and plan to strengthen their defenses.
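As an added example (not from the original text), here is a small IOC matcher in Python that takes a constructed threat feed of IP addresses, domains, and SHA-256 hashes, normalises it, and runs it over a few constructed proxy, DNS, and EDR log lines in a key=value format. The feed values, the log format, and the field names (`dst`, `query`, `url`, `sha256`) are assumptions for the example; real feeds and logs differ, and the messy feed entries (mixed case, trailing dot) are there to show why normalisation matters.

```python
"""Match an IOC feed (IPs, domains, file hashes) against structured log lines.

Feed entries and log lines are constructed for this example (TEST-NET ranges
and .test names); they are not real indicators.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed IOC feed: (ioc_type, value, source feed).
IOC_FEED = [
    ("ipv4", "203.0.113.45", "feed-A"),
    ("domain", "update.example-bad.test", "feed-A"),
    ("domain", "CDN.example-bad.test.", "feed-B"),
    ("sha256", "00112233445566778899AABBCCDDEEFF" * 2, "feed-B"),
]


@dataclass(frozen=True)
class Hit:
    line_no: int
    ioc_type: str
    indicator: str
    source: str


def normalise(ioc_type: str, value: str) -> str:
    """Canonical form of an indicator; raises ValueError if malformed."""
    value = value.strip()
    if ioc_type == "ipv4":
        return str(ipaddress.IPv4Address(value))
    if ioc_type == "domain":
        return value.lower().rstrip(".")
    if ioc_type == "sha256":
        if not re.fullmatch(r"[0-9a-fA-F]{64}", value):
            raise ValueError("not a SHA-256 hex digest")
        return value.lower()
    raise ValueError(f"unsupported IOC type: {ioc_type}")


def build_index(feed):
    index = {"ipv4": {}, "domain": {}, "sha256": {}}
    for ioc_type, value, source in feed:
        index[ioc_type][normalise(ioc_type, value)] = source
    return index


def lookup(index, ioc_type, value):
    """Return (matched indicator, source) or None.  Domains also match parent
    zones, so a feed entry for cdn.example-bad.test catches its subdomains."""
    try:
        norm = normalise(ioc_type, value)
    except ValueError:
        return None  # malformed observable in the log: skip, do not crash
    if ioc_type == "domain":
        labels = norm.split(".")
        for i in range(len(labels) - 1):  # never match on the bare TLD
            candidate = ".".join(labels[i:])
            if candidate in index["domain"]:
                return candidate, index["domain"][candidate]
        return None
    if norm in index[ioc_type]:
        return norm, index[ioc_type][norm]
    return None


KV_RE = re.compile(r"(\w+)=(\S+)")


def extract_observables(line: str):
    """Pull (ioc_type, value) pairs out of a key=value log line."""
    observables = []
    for key, value in KV_RE.findall(line):
        if key == "dst":
            observables.append(("ipv4", value))
        elif key == "query":
            observables.append(("domain", value))
        elif key == "sha256":
            observables.append(("sha256", value))
        elif key == "url":
            host = urlsplit(value).hostname
            if host:
                observables.append(("domain", host))
    return observables


def scan(lines, index):
    hits = []
    for line_no, line in enumerate(lines, start=1):
        for ioc_type, value in extract_observables(line):
            match = lookup(index, ioc_type, value)
            if match:
                hits.append(Hit(line_no, ioc_type, match[0], match[1]))
    return hits


# Constructed proxy, DNS, and EDR events.
LOG_LINES = [
    "ts=2024-05-01T10:00:01Z src_type=proxy host=ws-017 dst=203.0.113.45 url=http://update.example-bad.test/a.bin",
    "ts=2024-05-01T10:00:02Z src_type=dns host=ws-017 query=Cdn.Example-Bad.Test. rcode=NOERROR",
    "ts=2024-05-01T10:00:03Z src_type=dns host=ws-018 query=static.cdn.example-bad.test rcode=NOERROR",
    "ts=2024-05-01T10:00:04Z src_type=edr host=ws-017 event=file_create sha256=00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
    "ts=2024-05-01T10:00:05Z src_type=proxy host=ws-019 dst=198.51.100.7 url=https://www.example.test/",
]

if __name__ == "__main__":
    for hit in scan(LOG_LINES, build_index(IOC_FEED)):
        print(hit)
```

Matching on parent zones is deliberate: adversaries rotate subdomains far more often than registered domains. The same matcher would not help at all once they rotate the domain itself, which is the practical reason to pair IOC feeds with TTP-level detections rather than rely on them alone.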