For better or worse, we have all been captivated by the SolarWinds attack, given its sophistication and the patience attackers demonstrated.
One undeniable aspect of the attack is this: if a malicious nation-state actor wants to compromise a network, they will find a way.
We have seen plenty of large enterprises, each with strong security teams, hit by attacks and ransomware over the years. It is clear that we can’t preempt every attack. As we’ve said for the past decade, defenders must be right every time in order to stop every attack attempt. The bad guys need to be right only once. All they need to do is find a single misconfigured internet-facing server or get one well-meaning employee to open a phishing email.
However, we are not without options in the face of these kinds of attacks: fortunately for us, controls that assume breach can eventually frustrate and sour attackers at the discovery, C&C, or lateral movement phases of an attack.
Resources like the MITRE ATT&CK Framework are excellent tools for understanding the attack chain employed by attackers. ATT&CK delivers a vital examination of attacker tactics, techniques, and procedures. It spans the techniques used to gain initial access, the discovery phase in which attackers attempt to map and understand an environment, C&C activity, and the lateral movement used to spread from one compromised system to many. With a strong understanding of how attackers operate, defenders can then deploy the right Zero Trust controls to complement what is on the perimeter.
Importantly, all this is predicated on a single assumption: attacks will be successful, so we must assume breach. Naturally, this means that we must bolster threat-centric perimeter technologies on endpoints, networks, and email with technologies that frustrate attackers once they are inside.
Here is the rub: most of us are not even aware of ATT&CK and what it can do for cybersecurity. In fact, just 37% of respondents are even familiar with it.
We were also curious: of those who were aware of ATT&CK, how many actually put its advice into practice?
“Do you use the MITRE ATT&CK Framework to inform your security approaches, responses or mitigations?”
Not many at all.
Of the 37% who were aware of the framework, only 42% actually use it to inform and improve their security. That is, only 16% of those surveyed actually rely on the MITRE ATT&CK framework to inform how they plan for attacks and array security controls.
We know, like we said above, that if a competent malicious actor wants in, they will find a way in. We have to account for that. And if only 16% actually use ATT&CK, we have to wonder how well we do this.
We encourage everyone to become better prepared and become familiar with the framework: https://attack.mitre.org/. And if you’re interested in learning even more, check out: Efficacy of Micro-Segmentation: Assessment Report
Wondering how your organization ranks in preparedness for a return to the office? And wondering what you can do to protect your business, whether employees are on or off the campus network? Download a copy of the report for more on our findings and insights: Security Risks 2021: Ransomware and the Return to the Office.