Understand your own systems before hackers strike


Cyber attacks on critical national infrastructure and other organizations could be stopped before they have any impact if security teams had a better understanding of their own networks. This may seem obvious, but in many cases cybercriminals and hackers have entered corporate networks and stayed there for a long time without being detected.

Some of these campaigns involve intrusions into critical infrastructure, where malicious hackers could cause damage that could have serious consequences.

But hackers were only able to put themselves in a position of strength because those responsible for defending networks do not always have full control over what they manage. “This is what people often misunderstand about attacks – they don’t happen at the speed of light, it often takes months or years to get the right level of access in a network and ultimately to be able to pull the trigger and cause a destructive act,” says Dmitri Alperovitch, executive chairman of the Silverado Policy Accelerator and co-founder and former CTO of CrowdStrike.

In-depth knowledge of networks

This means that in-depth knowledge of your network and the ability to detect suspicious or unexpected behavior can go a long way toward detecting and stopping intrusions. “Defense can work if you have time. If you look inside your systems, hunt for adversaries and apply intelligence, you are able to discover them even if they get in, before they do any damage,” adds Dmitri Alperovitch.

Knowing what is on the network has become even more crucial in recent years as industrial environments have become increasingly connected through Internet of Things sensors and monitors. These devices are useful to infrastructure providers because they allow better monitoring of the efficiency, maintenance and repair of systems, but if they are not properly managed, they can become weak points for attackers who want to access the network.

“We need to do proactive testing,” says Annessa McKenzie, vice president of IT and CSO at Calpine, an American power company. “We have to develop this capacity to go with this confidence so that before there is a breach, we have at least a basic understanding of this environment,” says Annessa McKenzie. “Because when we go in blind, what should take days to respond to takes weeks, sometimes months – and we never really understand what happened.”

Think like hackers

Organizations should also try to think like hackers: by thinking about the network and how an attack could exploit it, security teams can discover unexpected ways that hackers could use to compromise the network.

“Many companies are implementing segmentation, monitoring, anti-virus – these are not bad things – but I think too few are focusing on what the attack will look like,” says Rob Lee, CEO and co-founder of Dragos, the industrial security provider that hosted the online discussion on securing critical infrastructure. “Let’s work backwards. What type of response do we want to have? Do we want to restart the plant? Then we’re going to have to understand the root cause analysis.”

By looking at the network in this way, says Rob Lee, organizations responsible for industrial control systems can understand the requirements the network needs for security – and by doing so, those responsible for critical infrastructure can help everyone by detailing what they find to government. “The ICS community has the ability to look backwards and educate government on what it will look like. That’s when government can make an impact,” says Lee.

Involve manufacturers

With the right tools and the right skills available, government intervention could help strengthen cybersecurity in critical infrastructure by providing organizations with an environment that allows them to share information on attacks and on best practices for protecting networks. “They could create a platform for companies to come together and exchange best practices and assistance, and perhaps even host some sort of joint public-private response capacity. It would help move things forward,” said Michael Chertoff, former US Secretary of Homeland Security and co-founder and executive chairman of the Chertoff Group, a security and risk consulting firm.

He also suggests that the responsibility for security should not rest solely with infrastructure providers and other organizations, but that the companies that build the specialized systems and connected components used in these environments should also take some responsibility if those turn out to be inherently insecure or vulnerable to cyber attacks. Currently, one of the arguments put forward by manufacturers is that “it’s not our problem, we just give you what you need, you pay,” says Michael Chertoff.

By combining these elements with good knowledge of their own networks, infrastructure and public-service providers in particular can play an important role in avoiding getting caught up in hacking campaigns and cyber attacks. But in many cases, there is still a long way to go before this is the case.

“The biggest advantage of defenders is that they know their environment better than an adversary – which is not always true, unfortunately, if the right tools and the right skills are not in the organization,” says Dmitri Alperovitch. “But if they do, that’s when they have the upper hand and they detect an adversary and eject it before the damage is done.”

Source: ZDNet.com

Source: www.zdnet.fr