Cyber Security: An Uphill Battle?

Rie Vainstein • August 19, 2024

We are all aware of the need for securing our electronic, or cyber, environment. But not everyone is aware of how widespread the threat has become.



What/Who are Threat Actors?


Threat actors are the unscrupulous individuals in the cybersecurity landscape. They are always looking for a way to gain access to our networks.

 

Threat actors can come from a variety of sources: they can simply be computer-literate individuals who love the challenge; they may be disgruntled employees who are annoyed at being separated from their company; they might be protestors who are angry about a corporate stance on a topic; they might be criminals who are intent on stealing data and selling it to make money; or the threat might come from a foreign state, through an organized program.


What Do They Want?


Your organization likely possesses or generates valuable data. Data is always of some value – whether it is customer contact information lists, specifics about manufacturing a product, know-how for a particular concept, corporate strategy, or anything else that can be gathered and sold to, or used by, others.

 

You may have limited cybersecurity protection, or you may have invested in a state-of-the-art system. Regardless of what you have or how well protected your data is, it isn’t going to stop the bad actors trying to get at it.

 

Who the threat actors are determines what they might want. Their desired outcome can run the entire spectrum: they may want the excitement of trying to “break in” to your system – just to see if they can do it; they may be mad at the company and want to cause disruption to get revenge; perhaps they are on a crusade and want to inconvenience your company in order to gain attention; they may simply want to sell your data for money; or they could have a more nefarious purpose.


How Can They Hurt My Organization?


For the most part, the high-level process threat actors follow looks much the same: they hunt to see where you are weak, they get in, they do their damage, and they leave with their desired outcome.

 

You’ve seen ants. The insect. They are opportunists. They send their scouts off, alone or in twos, to hunt for tasty morsels of food. Once they find something that fits the bill, they report back and, before you know it, your kitchen is inundated with a thousand of the little critters! You will notice, however, that they all follow the scent trail left by the original scout.



So, too, do threat actors. The trail they follow isn’t scent; it is the trail of weaknesses in your security posture. They follow that trail to access your environment, sometimes without you even knowing they are there. They sneak in through the little hole in your baseboard and gobble up their desired tasty morsel before disappearing again.

 

The trick to cyber security is in figuring out where the holes under your baseboards are located, and in watching carefully for any signs of little ant feet coming out from under them. You may have systems in place to alert you to the fact that the threat actors (ants) are on their way or already there. That’s great, but your job is to prevent them from getting their desired outcome - the “tasty morsel”.


What is Their Process?


To put it very succinctly, they generally follow a 4-step procedure*:


[1] Reconnaissance: this is the process of scanning your system to see where the weak areas are located. Weaknesses might be found in the software, the hardware, the physical environment, or even in the people.

 

[2] Infiltration: this is where the actual methods – the “techniques” – can be significantly different. According to IBM[1] “Attackers have a historical inclination to choose the path of least resistance in pursuit of their objectives.” This means that they will take advantage of any slip-up you make in your cybersecurity efforts. It only takes one instance of not implementing a security measure, due to either action or inaction, and they’ll be inside your environment doing things you may not be able to detect... until it is too late.

 

According to the MITRE ATT&CK[2] database, there are about 50 documented techniques, along with even more sub-techniques, of how they can gain access. The list includes things like phishing, drive-by compromise, brute force, man-in-the-middle, to name just a few.

 

[3] Activities: once they are inside your environment, the actions they take can differ significantly, depending on their desired outcomes. They may move laterally to gain additional access privileges. They may place software that can be triggered at a later time. They may install a backdoor so they can access your system whenever they want. The list of what they can do is pretty long.

 

In fact, the MITRE ATT&CK[2] database informs us that there are over 100 main documented activities, with an additional list of sub-techniques in which they can engage while they have access to your system.

 

[4] Then we arrive at their desired outcome. While they are in your environment, they could lock or encrypt your entire computer system until a ransom is paid. They might grab and download data to sell. In fact, there are over 40 categories of additional activities that MITRE ATT&CK[2] tells us the bad actors can perform, ranging from account access removal, to firmware corruption, to system shutdown, to data destruction.

 

Quite frankly, it is amazing that threat actors have been so busy in finding ways to access and manipulate our environments for negative purposes. Imagine how awesome things would be if they were working for us, on our side?!


*What threat actors actually do can be much more complex than the four steps noted above - but this is simplified for illustration purposes.

How Can We Stop Them? What Can We Do to Strengthen Our Security Posture?


This is a very positive question. A whole industry has evolved around stopping threat actors from accessing environments that belong to other people: from hardware, to specialist software, to training humans and machines (including AI) to be aware of the environment and to detect when activity seems suspicious or deviates from the norm. There is a lot that can be done.

 

IBM[1] further noted, “84% of attacks could have been stopped with best practices and security fundamentals, such as asset and patch management, credential hardening, and the principle of least privilege.”

 

OWASP is an organization that aims to improve security and help protect applications from cyberattacks. In OWASP’s most recent report[3], one of the top 5 causes of incursion was security misconfiguration. When a security practitioner is under time pressure, perhaps while wearing multiple hats, mistakes are easily made. Unfortunately, bad actors are likely to be sitting behind the baseboards, watching and waiting to capitalize on those mistakes so they can get their desired morsel.


Take Heart: You CAN Win


However, don't be too dismayed - the situation isn’t as grim as it seems. With preparation and thought you can help to fortify your environment against encroachment if you follow the basic principles of cyber security.

 

With the use of Generative AI to help develop scripts, which aid in speeding up the detection and response process, your time can be better spent in actively investigating suspicious activity.
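As an added illustration (not code from the original post or from NC-Expert) of the kind of small detection script the paragraph has in mind, the block below watches for one of the ATT&CK techniques the post names, brute force (ATT&CK T1110), in constructed sshd-style auth log lines: it flags any source address that fails authentication repeatedly inside a short window, and records whether a login from that address later succeeded, which is the event that separates "ants scouting" from "ants already in the kitchen". The log format, threshold and window are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in sshd/auth.log style (not real data).
SAMPLE_LOG = """\
2024-08-19T10:00:01 sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 5001 ssh2
2024-08-19T10:00:03 sshd[102]: Failed password for root from 203.0.113.7 port 5002 ssh2
2024-08-19T10:00:05 sshd[103]: Failed password for root from 203.0.113.7 port 5003 ssh2
2024-08-19T10:00:08 sshd[104]: Failed password for root from 203.0.113.7 port 5004 ssh2
2024-08-19T10:00:09 sshd[105]: Failed password for root from 203.0.113.7 port 5005 ssh2
2024-08-19T10:00:12 sshd[106]: Accepted password for root from 203.0.113.7 port 5006 ssh2
2024-08-19T10:05:00 sshd[107]: Failed password for alice from 198.51.100.4 port 6001 ssh2
2024-08-19T10:05:30 sshd[108]: Accepted password for alice from 198.51.100.4 port 6002 ssh2
"""

# Assumed line shape; adjust the pattern to your own log source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse(log_text):
    """Yield (timestamp, result, user, ip) for every line that matches."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"])

def detect_brute_force(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs with >= threshold failures inside a sliding window
    (ATT&CK T1110, Brute Force). A later 'Accepted' from a flagged IP is
    recorded as a possible successful guess: the event worth paging on."""
    failures = defaultdict(list)   # ip -> timestamps of recent failures
    findings = {}                  # ip -> {"first_seen", "succeeded"}
    for ts, result, user, ip in parse(log_text):
        if result == "Failed":
            q = failures[ip]
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures outside the window
                q.pop(0)
            if len(q) >= threshold and ip not in findings:
                findings[ip] = {"first_seen": q[0], "succeeded": None}
        elif ip in findings and findings[ip]["succeeded"] is None:
            findings[ip]["succeeded"] = (user, ts)
    return findings
```

A single failed login from a new address (alice, above) is normal noise and is not reported; only the burst from 203.0.113.7, followed by an accepted root login, surfaces as a finding.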

 

If you aren’t confident in your knowledge, or need to brush up what you once knew... take a class. It will certainly help you feel better about the relevance of what you know and might give you some new ideas that you hadn’t thought of!


===

Sources:

[1] IBM X-Force Threat Intelligence Index 2024

[2] MITRE ATT&CK https://attack.mitre.org/

[3] OWASP https://owasp.org/Top10/

===

How We Can Help

We provide either standard industry training classes or can customize a program to suit your specific needs and budget. Our trainings are always delivered by certified, expert instructors, virtually/online in real time.


You can view our Security Training portfolio here:
https://www.nc-expert.com/training-classes-by-track#NetworkSecurity


You are welcome to enroll individual employees into our public classes. We can accommodate private groups virtually or in person at your site. Contact us for details.


You are welcome to visit our website homepage: https://www.nc-expert.com/

===



About NC-Expert

NC-Expert is a privately-held California corporation and is well established within the professional IT industry certification training, courseware development, and consulting markets.

 

NC-Expert has won numerous private contracts with Fortune level companies around the world. These customers depend on NC-Expert to train, advise, and mentor their staff.


If you are looking for the best in IT industry training then call us at (855) 941-2121 or sales@nc-expert.com today.
