It was the Chinese philosopher and military strategist Sun Tzu who in the fifth century once said ‘know thy self, know thy enemy’. Despite the huge chasm in time between then and now, his words still prove to be wise advice – particularly when it comes to dealing with cyber attacks.
Nowadays it is almost inevitable that businesses will be targeted by cyber criminals at some point, and the only way to protect against them is to constantly remain on guard. Achieving effective protection, however, requires understanding the psychology and motivations behind the cyber criminals involved, before turning these insights into sensible defence-orientated decisions.
Thinking like an attacker
One way to do this involves adopting what is known as ‘attack/threat modelling’. This involves thinking like an attacker to discover new tactics, techniques and procedures (TTPs) that are most likely to be used by threat agents to orchestrate and manage attacks against businesses.
Attack/threat modelling allows CIOs to identify any system vulnerabilities/errors at the earliest instance and take appropriate action to fix them before they come under attack from a genuine threat. In turn, this helps them to clearly understand the internal security posture, including risks around technology, people and processes, by employing the latest innovations and combining the intelligence and creativity of both the human and the machine.
There are other benefits associated with threat modelling. Primarily, businesses can quickly challenge their own cyber security strategy through an in-depth knowledge of internal posture and external threats, while the experience gained on the cyber security battlefield will bring more clarity and insight to the decisions the business makes.
Learning from WannaCry
To put this into a practical context, let’s go back to the much-talked-about WannaCry attack from last year. The attack itself began when an online criminal group released a set of hacking tools that included a zero-day vulnerability code called EternalBlue, which preys on a flaw in Microsoft systems and transmits malicious software from one Windows computer to another.
As the code began to spread quickly on a global level, a cyber security researcher decided to try and crack the code by understanding the modus operandi of similar attacks from the past. Eventually, the researcher found that the code was dependent on a domain name that acted as a kill switch: the code worked by first looking for the domain name, and if it was not found the ransomware would wreak havoc.
After discovering the domain name was unowned, the researcher quickly bought it and made it active, which then triggered the kill switch and stopped the malware from spreading any further. By taking the behaviour of previous criminals on board and applying it to this attack, the researcher was able to halt the attack quicker than anybody else could manage.
Ultimately, while accurate information is necessary for driving cyber defence, threat intelligence alone is not the solution to the problem. Fundamentally, the challenge is not about acquiring more information – it’s about translating that information into action.