Know Your Environment and Stop Cyber Attacks!
Cyberattacks targeting national infrastructure and other organizations could have much less of an impact, or be stopped altogether, if cyber teams had a more cohesive understanding of their environment. Organizations often struggle to monitor their networks because they do not know what is there and what technologies are in place. This lack of oversight can allow hackers to sneak in under the radar and get into those systems without alerting the organization's cyber teams. In many cases, attackers can penetrate corporate networks and remain there undetected for months. As reported by the Mandiant M-Trends report of 2019, the average dwell time for attackers was 56 days.
Arguably, these attackers have been able to get into the system and maintain their access for such an extended time because those responsible for defending the network do not always have a good grasp on what they are managing. What most people fail to understand about these attacks is that they do not happen instantly. An attacker might take months or even years to get the right levels of access and knowledge to ultimately be able to execute a destructive attack. In this way, a deep understanding of your network and the ability to detect any suspicious or unexpected behavior can be vital in detecting and stopping intrusions.
As networks and organizations become more connected with the Internet of Things (IoT), knowing what is in your environment has become more crucial. The more devices we integrate into our networks, the higher the need will be for maintenance and repair on those devices. If they are not properly managed, these devices can be an easy access point for attackers to get into the network.
Organizations should move to be more proactive in their defense. Segmentation, anti-virus, monitoring and alerting are all great things to do, but they should not be the end. Simulating attacks on your network can reveal areas or devices that may not have been previously considered. This method would also allow you to test your response plans and resolve any gaps that may present themselves in that exercise. One of the greatest advantages a defender should have is to know their network better than the attacker. This can be a heavy lift for even some of the largest organizations, but if you happen to need some assistance in getting the train moving, reach out to the SEQ|OPS team for guidance. We can help!
Link to Mandiant study: