It is September 5th, 2022 and probably as good a time as any to re-evaluate where we are with a general Attack versus Defense analysis:
Attackers: Only need to find one problem in defense to overcome and take advantage of to breach a system or network. Once the system is found that can be overtaken the attacker can focus on getting other systems in the network or trying to get administrator access. This is also known as escalation of privileges. Passwords can be tried in multiple ways even a methodology of only trying a few at a time so as to not look like a concerted attack. The attacker can also resort to phishing attacks (email targeted to administrators) to get the administrator password.
Remember one of the best methods of attack has to do with Social Engineering attacks (as in the image) with a wide variety of ways to get the first entry into the network.
The attacker has many methods of attack and only needs to succeed once before the system is breached.
Defenders: Have to defend all systems and especially the administrator access must be guarded. Must patch all systems, must have a social engineering program to try and not give out information freely (like the administrator password). The administrator should know when and how to access the administrator functions (which should mean not via email link).
Security Awareness program is important to counter the social engineering attacks of the attacker.
The defender has certain TTPs (Tactics, Techniques, and Procedures)
If the defender is not careful then the TTPs may be telegraphed to the attacker which will give the attacker a leg up on how to attack in future.
How does one defend against social engineering attacks? Through training.
What about cloud systems that the company has contracted for certain applications – who is in charge of defending those machines? Or the application itself?
The above image is for when travel is done are you letting employees connect to hotel wifi? How do you know it is legitimate wifi? Could they be set up by the attackers?
For example: do you allow your employees to bring their own devices so they can connect to your company network? Or does the employee connect from home via a VPN? who is in charge of updating all the systems on the employee home network?
The problem with giving employees more freedom is that the security defense becomes more difficult. One solution is to create a guest network, where all the employee personal devices can connect to. The disadvantage is that the guest network should not have access to the main network to give more defense layers.
What would be the end result of Attack — Defense analysis.
One can make defensive decisions to stay ahead of the attackers, but it requires making concerted efforts which may not be possible in some situations. As more employee freedoms are given the task becomes more difficult.
A security policy to communicate to employees is important. Contact us to discuss.
The defense has many possible areas for mistakes and if one is not willing to accept help in the form of an audit the challenge of doing everything correct may be too much to defend.
It is better to have a continuous improvement thinking and accept help where needed.