Cyber Security: An Uphill Battle?

Rie Vainstein • August 19, 2024


We are all aware of the need for securing our electronic, or cyber, environment. But not everyone is aware of how widespread the threat has become.



What/Who are Threat Actors?


Threat actors are unscrupulous individuals in the cybersecurity landscape. They are always looking for a way to gain access to our networks.

 

Threat actors can come from a variety of sources: they can simply be computer-literate individuals who love the challenge; they may be disgruntled employees who are annoyed at being separated from their company; they might be protestors who are angry about a corporate stance on a topic; they might be criminals who are intent on stealing data and selling it to make money; or the threat might come from a foreign state, through an organized program.


What Do They Want?


Your organization likely possesses or generates valuable data. Data is always of some value – whether it is customer contact information lists, specifics about manufacturing a product, know-how for a particular concept, corporate strategy, or anything else that can be gathered and sold to, or used by, others.

 

You may have limited cybersecurity protection, or you may have invested in a state-of-the-art system. Regardless of what you have or how well protected your data is, it isn’t going to stop the bad actors trying to get at it.

 

Who the threat actors are determines what they might want. Their desired outcome can run the entire spectrum: they may want the excitement of trying to “break in” to your system – just to see if they can do it; they may be mad at the company and want to cause disruption to get revenge; perhaps they are on a crusade and want to inconvenience your company in order to gain attention; they may simply want to sell your data for money; or they could have a more nefarious purpose.


How Can They Hurt My Organization?


For the most part, the high-level process threat actors follow looks much the same from case to case: they hunt for where you are weak, they get in, they do their damage, and they leave with their desired outcome.

 

You’ve seen ants. The insect. They are opportunists. They send their scouts off, alone or in twos, to hunt for tasty morsels of food. Once they find something that fits the bill, they report back and, before you know it, your kitchen is inundated with a thousand of the little critters! You will notice, however, that they all follow the scent trail left by the original scout.



So, too, do threat actors. The trail they follow isn’t a scent; it is the trail of weaknesses in your security posture. They follow it into your environment, sometimes without you even knowing they are there. They sneak in through the little hole in your baseboard and gobble up their desired tasty morsel before disappearing off again.

 

The trick to cyber security is in figuring out where the holes under your baseboards are located, and in watching carefully for any signs of little ant feet coming out from under them. You may have systems in place to alert you to the fact that the threat actors (ants) are on their way or already there. That’s great, but your job is to prevent them from getting their desired outcome - the “tasty morsel”.


What is Their Process?


To put it very succinctly, they generally follow a 4-step procedure*:


[1] Reconnaissance: this is the process of scanning your system to see where the weak areas are located. Weaknesses might be found in the software, the hardware, the physical environment, or even in the people.

 

[2] Infiltration: this is where the actual methods – the “techniques” – can be significantly different. According to IBM[1] “Attackers have a historical inclination to choose the path of least resistance in pursuit of their objectives.” This means that they will take advantage of any slip-up you make in your cybersecurity efforts. It only takes one instance of not implementing a security measure, due to either action or inaction, and they’ll be inside your environment doing things you may not be able to detect... until it is too late.

 

According to the MITRE ATT&CK[2] database, there are about 50 documented techniques, along with even more sub-techniques, describing how they can gain access. The list includes things like phishing, drive-by compromise, brute force, and man-in-the-middle, to name just a few.

 

[3] Activities: once they are inside your environment, what actions they take can differ significantly, depending on their desired outcomes. They may move laterally to gain additional access privileges. They may place software that can be triggered at a later time. They may initiate a backdoor, so they can access your system whenever they want. The list of what they can do is pretty long.

 

In fact, the MITRE ATT&CK[2] database informs us that there are over 100 main documented activities, with an additional list of sub-techniques in which they can engage while they have access to your system.

 

[4] Then we arrive at their desired outcome. While they are in your environment, they could lock or encrypt your entire computer system until a ransom is paid. They might grab and download data to sell. In fact, there are over 40 categories of additional activities that MITRE ATT&CK[2] tells us that the bad actors can perform, ranging from account access removal, to firmware corruption, to system shut down, to data destruction.

 

Quite frankly, it is amazing that threat actors have been so busy in finding ways to access and manipulate our environments for negative purposes. Imagine how awesome things would be if they were working for us, on our side?!


*What threat actors actually do can be much more complex than the four steps noted above - but this is simplified for illustration purposes.
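The post says the job is to watch for “little ant feet” coming out from under the baseboard. Below is an added example of what that watching looks like in practice: a small log-triage script that flags two of the early-stage behaviours the four steps describe, reconnaissance (one source probing many ports) and brute-force logins (many failed logins from one source). This is illustrative code written for this page, not code from the author or from MITRE; the log format, the sample log lines, and the thresholds are all constructed assumptions. The ATT&CK technique names in the findings (T1595 Active Scanning, T1110 Brute Force) are real entries in the ATT&CK knowledge base cited above.

```python
"""Minimal log triage: flag port-scan style reconnaissance and brute-force
login bursts in a constructed, line-oriented log.  Field layout
("<ISO timestamp> <EVENT> key=value ...") is an assumption for this example."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from any real system or product).
SAMPLE_LOG = """\
2024-08-19T10:00:01 CONNECT src=203.0.113.7 dst_port=22 result=refused
2024-08-19T10:00:02 CONNECT src=203.0.113.7 dst_port=23 result=refused
2024-08-19T10:00:02 CONNECT src=203.0.113.7 dst_port=80 result=accepted
2024-08-19T10:00:03 CONNECT src=203.0.113.7 dst_port=443 result=accepted
2024-08-19T10:00:03 CONNECT src=203.0.113.7 dst_port=445 result=refused
2024-08-19T10:00:04 CONNECT src=203.0.113.7 dst_port=3389 result=refused
2024-08-19T10:00:05 CONNECT src=203.0.113.7 dst_port=8080 result=refused
2024-08-19T10:00:05 CONNECT src=203.0.113.7 dst_port=8443 result=refused
2024-08-19T10:00:06 CONNECT src=203.0.113.7 dst_port=5900 result=refused
2024-08-19T10:00:06 CONNECT src=203.0.113.7 dst_port=3306 result=refused
2024-08-19T10:00:07 CONNECT src=203.0.113.7 dst_port=1433 result=refused
2024-08-19T10:00:10 LOGIN src=198.51.100.23 user=admin result=failure
2024-08-19T10:00:11 LOGIN src=198.51.100.23 user=admin result=failure
2024-08-19T10:00:12 LOGIN src=198.51.100.23 user=admin result=failure
2024-08-19T10:00:13 LOGIN src=198.51.100.23 user=admin result=failure
2024-08-19T10:00:14 LOGIN src=198.51.100.23 user=admin result=failure
2024-08-19T10:00:15 LOGIN src=198.51.100.23 user=admin result=failure
2024-08-19T10:00:20 LOGIN src=192.0.2.44 user=alice result=failure
2024-08-19T10:00:25 LOGIN src=192.0.2.44 user=alice result=success
2024-08-19T10:05:00 CONNECT src=192.0.2.44 dst_port=443 result=accepted
"""

# Thresholds are assumptions; tune them to your own environment's baseline.
PORT_SCAN_THRESHOLD = 10    # distinct destination ports from one source
BRUTE_FORCE_THRESHOLD = 5   # failed logins from one source
WINDOW = timedelta(seconds=60)


def parse_line(line, seq=0):
    """Parse one log line into a dict; return None for lines that do not fit the format."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    event = {"ts": ts, "event": parts[1], "seq": seq}
    for field in parts[2:]:
        if "=" in field:
            key, value = field.split("=", 1)
            event[key] = value
    return event


def max_distinct_in_window(events, window, key):
    """Largest number of distinct key(e) values among events inside any sliding window."""
    events = sorted(events, key=lambda e: e["ts"])
    best = 0
    for i, start in enumerate(events):
        seen = set()
        for e in events[i:]:
            if e["ts"] - start["ts"] > window:
                break
            seen.add(key(e))
        best = max(best, len(seen))
    return best


def detect(log_text):
    """Return [(source_ip, finding), ...] for scan-like and brute-force-like behaviour."""
    connects = defaultdict(list)       # src -> CONNECT events
    failed_logins = defaultdict(list)  # src -> failed LOGIN events
    for seq, line in enumerate(log_text.splitlines()):
        ev = parse_line(line, seq)
        if ev is None or "src" not in ev:
            continue
        if ev["event"] == "CONNECT" and "dst_port" in ev:
            connects[ev["src"]].append(ev)
        elif ev["event"] == "LOGIN" and ev.get("result") == "failure":
            failed_logins[ev["src"]].append(ev)

    findings = []
    for src, evs in connects.items():
        # Many distinct ports probed by one source in a short window: reconnaissance.
        if max_distinct_in_window(evs, WINDOW, lambda e: e["dst_port"]) >= PORT_SCAN_THRESHOLD:
            findings.append((src, "possible port scan (ATT&CK T1595 Active Scanning)"))
    for src, evs in failed_logins.items():
        # A burst of failed logins from one source: credential guessing.
        if max_distinct_in_window(evs, WINDOW, lambda e: e["seq"]) >= BRUTE_FORCE_THRESHOLD:
            findings.append((src, "possible brute force (ATT&CK T1110 Brute Force)"))
    return findings


if __name__ == "__main__":
    for src, finding in detect(SAMPLE_LOG):
        print(f"{src}: {finding}")
```

Run it and the scanner at 203.0.113.7 and the password-guessing source at 198.51.100.23 are reported, while 192.0.2.44 (one mistyped password, then success) is not. The sliding window matters: counting failures over a whole day would flag ordinary users, while counting them per minute separates a burst from normal mistakes.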

How Can We Stop Them? What Can We Do to Strengthen Our Security Posture?


This is a very positive question. A whole industry has evolved around stopping threat actors from accessing environments that belong to other people: from hardware, to specialist software, to training humans and machines (including AI) to be aware of the environment and to detect when activities seem suspicious or deviate from the norm. There is a lot that can be done.

 

IBM[1] further noted, “84% of attacks could have been stopped with best practices and security fundamentals, such as asset and patch management, credential hardening, and the principle of least privilege.”

 

OWASP[3] is an organization that aims to improve security and help protect applications from cyberattacks. In OWASP’s most recent report, one of the top 5 causes of incursion was security misconfiguration. When a security practitioner is under time pressure, perhaps while wearing multiple hats, mistakes are easily made. Unfortunately, bad actors are likely to be sitting behind the baseboards, watching, and waiting to capitalize on those mistakes so they can get their desired morsel.
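The two preceding paragraphs name the fundamentals (asset and patch management, credential hardening, least privilege) and the misconfiguration category. As an added example, not from the post or from OWASP or IBM, here is a small audit that checks a service configuration for those basics and shows a weak configuration beside a corrected one. The configuration keys, the two sample configurations, the default-password list and the thresholds are all constructed for illustration and do not correspond to any real product.

```python
"""Check a service configuration for the basics the post cites: patch age,
credential hardening, least privilege, and common misconfigurations.
Config layout and reference values are assumptions for this example."""
from datetime import date

# Constructed reference values (assumptions, adjust to your own policy).
DEFAULT_PASSWORDS = {"", "admin", "password", "changeme", "admin123"}
MIN_TLS_VERSION = (1, 2)
MAX_PATCH_AGE_DAYS = 30
PRIVILEGED_ACCOUNTS = {"root", "Administrator", "SYSTEM"}


def parse_tls_version(label):
    """'TLSv1.2' -> (1, 2); raise ValueError for any other spelling."""
    if not label.startswith("TLSv"):
        raise ValueError(f"unrecognised TLS label: {label!r}")
    major, minor = label[4:].split(".")
    return (int(major), int(minor))


def audit(config, today):
    """Return a list of finding strings for one config; an empty list means clean."""
    findings = []
    if config.get("debug", False):
        findings.append("debug mode enabled (leaks stack traces and internals)")
    if config.get("directory_listing", False):
        findings.append("directory listing enabled (exposes file layout)")
    password = config.get("admin_password", "")
    if password in DEFAULT_PASSWORDS or len(password) < 12:
        findings.append("admin account uses a default or short password")
    if parse_tls_version(config["min_tls"]) < MIN_TLS_VERSION:
        findings.append(f"minimum TLS version {config['min_tls']} is below TLSv1.2")
    if config["run_as"] in PRIVILEGED_ACCOUNTS:
        findings.append(f"service runs as {config['run_as']} rather than a least-privilege account")
    age_days = (today - date.fromisoformat(config["last_patched"])).days
    if age_days > MAX_PATCH_AGE_DAYS:
        findings.append(f"last patched {age_days} days ago (limit {MAX_PATCH_AGE_DAYS})")
    if "*" in config.get("cors_origins", []):
        findings.append("CORS allows any origin")
    return findings


# Constructed sample configurations: the weak one beside its corrected form.
WEAK_CONFIG = {
    "debug": True,
    "directory_listing": True,
    "admin_password": "admin",
    "min_tls": "TLSv1.0",
    "run_as": "root",
    "last_patched": "2024-05-01",
    "cors_origins": ["*"],
}
HARDENED_CONFIG = {
    "debug": False,
    "directory_listing": False,
    "admin_password": "EXAMPLE-long-random-secret-from-vault",  # placeholder value
    "min_tls": "TLSv1.2",
    "run_as": "svc-web",
    "last_patched": "2024-08-10",
    "cors_origins": ["https://app.example.com"],
}
AUDIT_DATE = date(2024, 8, 19)  # constructed audit date matching the post's date


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit(cfg, AUDIT_DATE))} finding(s)")
        for f in audit(cfg, AUDIT_DATE):
            print("  -", f)
```

Each check is deliberately simple; the value of a script like this is that it runs the same way every time, which is exactly what a person wearing multiple hats under time pressure cannot guarantee.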


Take Heart: You CAN Win


However, don't be too dismayed - the situation isn’t as grim as it seems. With preparation and thought you can help to fortify your environment against encroachment if you follow the basic principles of cyber security.

 

With the use of Generative AI to help develop scripts, which aid in speeding up the detection and response process, your time can be better spent in actively investigating suspicious activity.

 

If you aren’t confident in your knowledge, or need to brush up on what you once knew... take a class. It will certainly help you feel better about the relevance of what you know and might give you some new ideas that you hadn’t thought of!


===

Sources:

[1] IBM XForce Threat Intelligence Index 2024

[2] MITRE ATT&CK https://attack.mitre.org/

[3] OWASP https://owasp.org/Top10/

===

How We Can Help

We provide either standard industry training classes or can customize a program to suit your specific needs and budget. Our training is always delivered by certified, expert instructors, virtually/online in real time.


You can view our Security Training portfolio here:
https://www.nc-expert.com/training-classes-by-track#NetworkSecurity


You are welcome to enroll individual employees into our public classes. We can accommodate private groups virtually or in person at your site. Contact us for details.


You are welcome to visit our website homepage: https://www.nc-expert.com/

===



About NC-Expert

NC-Expert is a privately-held California corporation and is well established within the professional IT industry certification training, courseware development, and consulting markets.

 

NC-Expert has won numerous private contracts with Fortune level companies around the world. These customers depend on NC-Expert to train, advise, and mentor their staff.


If you are looking for the best in IT industry training then call us at (855) 941-2121 or sales@nc-expert.com today.
