Identify your "vital ground" or your cyber effort is wasted

Tom Allen
clock • 3 min read
Have a plan for recovery, and then have a backup plan for when the first falls through
Image:

Have a plan for recovery, and then have a backup plan for when the first falls through

And the road to recovery is to plan, plan and plan again

When it comes to cybersecurity, knowledge is the first step in protecting yourself. 

Knowledge of your enemies, and of your own vulnerabilities. 

That was the message from Philip Ingram, a former senior officer in British Military Intelligence speaking at the Cybersecurity Festival last week. 

"If you know what they're after, that means you understand whether you're going to be targeted," he told delegates. 

"The thing that drives China is economics, money, intellectual property. if you can save billions of dollars by stealing someone else's development work, and then you just have to manufacture it, you've saved yourself billions of dollars and you can then use that to get out into the market in a much quicker way and get economic advantage. So, everything that drives China's attacks is economic advantage." 

In a similar way, Russian cyberattacks are driven by influence, both political and military, while North Korea is motivated purely by making money - mostly through cryptocurrency to avoid sanctions - to fund the ruling class's lifestyle. 

"I have a problem with Kim Jong Un. How can a country that doesn't allow its citizens to go to university...become a Tier 2 player? There are only two internet pipelines into North Korea. One of them...goes to China; the other one...goes through Russia." 

Ingram believes Russia and China are using North Korea as a patsy, launching attacks their victims will attribute to the isolated state to gain plausible deniability. Again - good knowledge to have, or even suspect. 

Why is knowing what attackers are after relevant for a defender? For the same reason knowing about attack vectors and methodologies is important: to defend against them. Knowing what the threat is and, just as importantly, what the attacker is after will immediately tell you if you are a target of interest. 

If you determine that you are a potential target, the next step is to identify "your vital ground or key terrain - the bit you cannot operate without." 

"If you can't identify it you're wasting a lot of effort," said Ingram. 

And, of course, you can't forget about your vulnerabilities: your people, systems and network. Ingram showed off a device called Flipper, a multi-device hacking tool built using open-source tech, small enough to fit in a pocket. 

"How many of us have policies that would actually look for devices like this on our employees?" 

The road to recovery 

So, you've identified your main threats, your vulnerabilities and your vital ground. What's the next step? To prepare for the inevitable breach, because even if you know everything about your network, no-one can ever be 100% sure they're safe. 

Have a plan for recovery, and then have a backup plan for when the first falls through. It sounds like a lot of work, but preparing to manage the reputational fallout will pay dividends. 

"You can recover from the technical side of a cyberattack relatively quickly, but trying to recover a reputation can take years." 

Hacking groups like Anonymous, realising how damaging it can be, have moved on to attacking companies' reputations directly by releasing data from companies they have breached, or calling them out online for what are seen as shady practices (for example, continuing to operate in Russia). 

Knowledge, Ingram reiterated, is the key to it all. Determine if you're a target and use that to refine your preparedness - rather than just thinking about what a threat vector is. 

You may also like
UK gym chain Total Fitness leaks personal images online

Hacking

Other leaked data includes ID documents, payment information and phone numbers

clock 18 June 2024 • 2 min read
Cyber gang shifts focus to SaaS apps

Security

‘Scattered Spider’ is targeting vSphere, Salesforce, Crowdstrike and more

clock 18 June 2024 • 2 min read
Dutch NCSC warns of ongoing Chinese FortiGate attacks

Hacking

About 14,000 firewalls breached before Fortinet knew about the flaw

clock 14 June 2024 • 3 min read
Most read
03

Arm tries to block Copilot+ PC lauch

18 June 2024 • 2 min read
04

Cyber gang shifts focus to SaaS apps

18 June 2024 • 2 min read
05

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security

Cyber gang shifts focus to SaaS apps

Cyber gang shifts focus to SaaS apps

‘Scattered Spider’ is targeting vSphere, Salesforce, Crowdstrike and more

Vikki Davies
clock 18 June 2024 • 2 min read
Microsoft June Patch Tuesday has fixes for Windows, Outlook and SharePoint

Microsoft June Patch Tuesday has fixes for Windows, Outlook and SharePoint

A relatively quiet month

John Leonard
clock 12 June 2024 • 2 min read
Cloud encryption rates are disastrously low, research

Cloud encryption rates are disastrously low, research

Come on in, the door's open

John Leonard
clock 05 June 2024 • 2 min read