Take These Small Steps to Stop Cyber Attacks From Creating Big Problems for You

At a time when remote work and its increased security risks have become the norm, ongoing difficulty in safeguarding corporate networks suggests that the status quo isn’t working. That’s why IT security teams are moving from a passive to an active approach. The MITRE Corporation (a nonprofit that manages federally funded research and development centers) recently introduced its Shield framework, in which it clearly states that active defense is critical in overcoming today’s threats. Business leaders who know the latest strategies and recommendations place their companies in a strong position to remain secure.

Related: The How-To: Protecting Your Intellectual Property As A Small Business

The concept of active defense

Shield is an active defense knowledge base developed from over a decade of enemy engagement. With it, MITRE is trying to gather and organize what it has been learning with respect to active defense and adversary engagement. This information ranges from high-level, CISO-ready considerations of opportunities and objectives to more practitioner-focused conversations of the tactics, techniques and procedures defenders can use. This latest framework is aimed at encouraging discussion about active defense,  how it can be used, and what security teams need to know.

Defining active defense

Active defense covers a swathe of activities, including engaging the adversary, basic cyber defensive capabilities and cyber deception. This entails the use of limited offensive action and counterattacks to prevent an adversary from taking digital territory or assets. Taken together, these activities enable IT teams to stop current attacks as well as get more insight into the perpertrator. Then they can prepare more fully for future attacks.

As MITRE notes, the modern security stack must include deception capabilities to truly deter and manage adversaries. In Shield’s new tactic and technique mapping, deception is prominent across eight active defense tactics—channel, collect, contain, detect, disrupt, facilitate, legitimize and test—along with 33 defensive techniques.

Related: Cybersecurity Implementation And Future Strategies For Enterprises

The truth about deception

Threat actors are targeting enterprise networks nonstop, anyone from nation-state attackers seeing proprietary information to more run-of-the-mill criminals looking to cause chaos and obtain some PII they can exploit. Analysts estimate that critical breaches of enterprise networks have increased by a factor of three to six, depending on the targets.

As leaders consider their security strategy,  they need to not only understand what active defense means but also what deception actually is. A prevailing misconception is that deception is synonymous with honeypots, which have been around for a long time and are no longer effective. And to make them as realistic as possible requires a lot of management so that if attackers engage with a honeypot, they won’t be able to detect that it is not a real system and therefore know they’re in the middle of getting caught.

So, it’s time to clear up that notion. In truth, deception technology and honeypots are not synonymous. That’s how deception began, but it has evolved significantly since then. Today’s deception takes the breadcrumb/deceptive artifact approach that leads attackers on a false trail, which triggers alerts so that defenders can find and stop the attackers in real time. Only unauthorized users know the deceptions exist, as they don’t have any effect on everyday systems, so false positives are dramatically reduced. These aspects of deception technology add financial value to the IT security organization.

In addition, some organizations wrongly perceive that deception is too complex and yields comparatively little ROI. Security organizations could enjoy the benefit of using deception technology – which is lightweight and has a low cost of maintenance – but some are hesitant because they think it’s an overwhelming, complex approach that they won’t get enough value from. However, using technology assists like automation and AI, deception eliminates the complexity it has been previously known for.

Organizations tend to think of deception from a technology standpoint, but that’s wrong; it should be thought about from a use case standpoint. For instance, detection is a fundamental element of any security program. Everyone needs better detection capabilities – part and parcel of what today’s deception tools do.

A stronger defense

As cybercriminals’ tactics and tools continue to change, so must defenders’. An expanded threat landscape and new attack types make this job tougher than ever. Many organizations around the world were thrust into rapid digital transformation this year, which created security gaps for bad actors to exploit. The events of 2020 highlight the need for a better approach to securing critical assets. Active defense is part of that approach, as outlined in the MITRE Shield framework. Deception technology is an agile solution worthy of incorporation into an organization’s security strategy.

Related: 5 Types of Business Data Hackers Can’t Wait to Get Their Hands On

Source: https://www.entrepreneur.com/


Global Business

How To Go Global With Your Business

How a brand can prepare to go global and what they should consider before setting foot across the sea. Chris Porteous | 6 min read YouTube

Buy on YouTube? The platform is testing a sales tool

By clicking on the “super bag”, users will be redirected to a purchase page where the products, related videos and sale options will be located. Entrepreneur en Español | 1 min read Blue Origin

Jeff Bezos wants to send passengers into space in April: report

Blue Origin, the Amazon co-founder’s space exploration company, would take people into space on its New Shepard ship. Entrepreneur en Español | 1 min read How to Become a Millionaire

Survey: The Top 9 Books Recommended by Millionaires

So you want to be a millionaire? Start reading like one. Hayden Field | 1 min read Marketing

4 trends that will mark digital marketing in 2021

One of the biggest challenges advertisers and media will face in 2021 is being able to communicate with consumers and transact effectively in a cookie-free world. Entrepreneur en Español | 5 min read Success Stories

Mike Ling Came to America to Study Medicine. Now He Runs a Successful Fitness-Tech Company. It All Came Down to Passion.

The 43-year-old FitTime founder sheds light on how a plant-based diet, meditation and Jiu-Jitsu helped him become sturdier and more successful. Kenny Au | 6 min read News and Trends

Will I Get a Stimulus Check? What You Need to Know About the Second Round of Payments.

Here’s what you need to know about stimulus check payments. Megan Pratz | 6 min read News and Trends

Taco Bell Is Working With Beyond Meat to Create a New Plant-Based Protein

Another kind of not-meat is coming to Taco Bell this year. Igor Bonifacic | 2 min read News and Trends

Instacart Offers Employees $25 to Get COVID-19 Vaccine

Eligible workers won’t have to choose between earning income and getting vaccinated. Stephanie Mlot | 2 min read


Ben Lovegrove

How to protect yourself against cyber attacks during an age in which we all have to be educated and vigilant at home and at work. Download your copy of Roboform Password Manager for personal and business use: http://ow.ly/o1A530qhvNa In this video I describe some ways in which you can protect yourself and your assets against cyber attacks. It’s not an exaggeration to state that we are in the midst of an epidemic of cyber crime. Even if you take the reported cases at face value it’s bad enough but there are reasons to suspect that the actual situation is much worse because so much is not reported. The police are under resourced, investigations are complex, and consequently the criminals feel empowered to continue and to step up their attacks.

So the onus is on us as individuals and business to strengthen our defences and to mitigate the risks by taking the essential precautions. Some of these tips may seem obvious and yet it’s amazing how many people fail to act on this type of advice. 1: Use strong and unique passwords. Yes, I know, logging in (and clicking away the cookie notice) is a pain but it can be semi automated with a good password manager. I’ve used Roboform for years (see link below) and it includes a tool that will generate cryptic passwords containing a mix of numbers, symbols, and letters in upper and lower case. These are stored in an encrypted file which is synchronised across all my devices; PC, laptops, mobile phones. You should use long, unique, and cryptic passwords of 12 characters or more for everything that requires you to log in – not just your pension account or favourite shopping site, but also the broadband router on your home network – everything. If the log-in process includes the option to send a passcode to your mobile phone then enable it and use it. 2: Be aware of data breaches and react to them. Even with a strong password your details may be compromised if a company fails to protect their network and thieves hack in and steal data. If you see any such reports in the press check to see if you have an account with the company and if you do, change your passwords immediately. This won’t stop you details being sold on the Dark Web but it will prevent anyone from using your now compromised password. Meanwhile, remain vigilant for any calls, mails, or other signs that your identity is being used by a criminal. Continued in the video…

My recommended products on Amazon.com: https://www.amazon.com/shop/benlovegrove My recommended products on Amazon.co.uk: https://www.amazon.co.uk/shop/benlove… My YouTube Channel Information: Subscribe to my channel: https://goo.gl/FhzGmn My most recent upload: https://goo.gl/ujZ7ms My most popular upload: https://goo.gl/ThKf7y My Playlists: Flight Training, Private & Commercial Pilot: https://goo.gl/EuD7wt Learn To Fly, Get Your Pilot’s Licence: https://goo.gl/6Z6h6P General Aviation: https://goo.gl/p8MLZY Aviation Careers: https://goo.gl/bhZWXL Career Training & Business Tools: https://goo.gl/rh9P46 My Social Media Links: Twitter: https://twitter.com/BensBookmarks Instagram: https://www.instagram.com/ben_lovegro… Facebook: https://www.facebook.com/redspansolut… My Secrets Revealed: I create these videos using Vidnami: http://ow.ly/lu1e30qRlhC I optimise these videos using TubeBuddy: http://ow.ly/x7yH30qRlhU Contact me: Go to my channel homepage and click on the About tab to reveal my email address: https://wwww.youtube.com/c/benlovegrove Show your support: Sponsor more videos like this: https://www.patreon.com/redspan Consider leaving a tip: https://paypal.me/redspan Bespoke videos made for you: https://goo.gl/22u4R6 Acknowledgements: This presentation contains images that were used under a Creative Commons License. Click here to see the full list of images & attributions: https://app.contentsamurai.com/cc/734825 This presentation may also include video clips licensed under the Creative Commons Zero (CC0) license and/or video clips of our own.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.