Cyber-attacks are becoming more and more like the combat warfare seen in the early days of the invasions of Iraq and Afghanistan back in the early 2000s. They come in phases: fast, rapid and dominating most of the battlefield. Usually, if you can control the air, sea and land, you can control the outcome of the war.
Cyber-attackers seem to be exhibiting the behaviors of wartime strategy and implementing these phases in their own right. Phase one: recon and footprinting. You have to know where your target and enemy are in order to be effective in war.
Phase two: take out the air defenses. In some cyber-attacks, taking out the air defenses involves degrading the target's web connection. This can be manifested as a DDoS attack.
Phase three: control the power. I think this phase has yet to pass; however, many are still worried that cyber-attackers could target power plants, utility companies and other infrastructure with the intent to cause physical damage.
It is important to pay attention not only to the attacks that are going on but also to the order in which they are being carried out. If the end user can get between the phases of the attacks and know what might be coming next, then the user has a chance.
They might be able to see what is coming next, react better, embrace a proactive approach, and harden their systems by implementing last-minute patching and/or taking other security measures.
Take, for example, the most recent attack involving Google Drive, where users clicked on a fake Google Drive link and the threat then automatically propagated to their contacts. I believe this is just the beginning of a long-position attack. The footprinting and recon phase of the attack hit users worldwide, gathering users’ emails and configurations.
So, the question is this: how do we combat cyber-attacks, and what can we do about them?
Some would say there is nothing you can do about it. It is recommended to stay vigilant and aware. I would recommend understanding and studying the overall layout of your business and developing a strategy for how you would attack your own business, at which point you will have a baseline of measurement. Then go from there.
As Sun Tzu said: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.”
Educating staff, users and businesses is just the tip of the iceberg. It is recommended to become a student of warfare: understand combat strategy and its phases, correlate these to your current business, and align your defenses to them to reduce the potential risk.
That should involve implementing a proactive patching program, continual vulnerability management, and reviewing your information security layout once a quarter to ensure the business has adequate information security infrastructure in place.
About the Author: Ricoh Danielson is a U.S. Army Combat Veteran of Iraq and Afghanistan. As a digital forensic expert in cell phone forensics for high-profile criminal and civil cases, Ricoh has a heavy passion for information security and digital forensics that led him to start up his firm (Fortitude Tech LLC) in the middle of law school to become Phoenix’s heavy-hitting digital forensic powerhouse.
He is also a graduate of Thomas Jefferson School of Law, Colorado Tech University, and UCLA Anderson School of Management.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.