Identify your "vital ground" or your cyber effort is wasted

Tom Allen
clock • 3 min read
Have a plan for recovery, and then have a backup plan for when the first falls through
Image:

Have a plan for recovery, and then have a backup plan for when the first falls through

And the road to recovery is to plan, plan and plan again

When it comes to cybersecurity, knowledge is the first step in protecting yourself. 

Knowledge of your enemies, and of your own vulnerabilities. 

That was the message from Philip Ingram, a former senior officer in British Military Intelligence speaking at the Cybersecurity Festival last week. 

"If you know what they're after, that means you understand whether you're going to be targeted," he told delegates. 

"The thing that drives China is economics, money, intellectual property. if you can save billions of dollars by stealing someone else's development work, and then you just have to manufacture it, you've saved yourself billions of dollars and you can then use that to get out into the market in a much quicker way and get economic advantage. So, everything that drives China's attacks is economic advantage." 

In a similar way, Russian cyberattacks are driven by influence, both political and military, while North Korea is motivated purely by making money - mostly through cryptocurrency to avoid sanctions - to fund the ruling class's lifestyle. 

"I have a problem with Kim Jong Un. How can a country that doesn't allow its citizens to go to university...become a Tier 2 player? There are only two internet pipelines into North Korea. One of them...goes to China; the other one...goes through Russia." 

Ingram believes Russia and China are using North Korea as a patsy, launching attacks their victims will attribute to the isolated state to gain plausible deniability. Again - good knowledge to have, or even suspect. 

Why is knowing what attackers are after relevant for a defender? For the same reason knowing about attack vectors and methodologies is important: to defend against them. Knowing what the threat is and, just as importantly, what the attacker is after will immediately tell you if you are a target of interest. 

If you determine that you are a potential target, the next step is to identify "your vital ground or key terrain - the bit you cannot operate without." 

"If you can't identify it you're wasting a lot of effort," said Ingram. 

And, of course, you can't forget about your vulnerabilities: your people, systems and network. Ingram showed off a device called Flipper, a multi-device hacking tool built using open-source tech, small enough to fit in a pocket. 

"How many of us have policies that would actually look for devices like this on our employees?" 

The road to recovery 

So, you've identified your main threats, your vulnerabilities and your vital ground. What's the next step? To prepare for the inevitable breach, because even if you know everything about your network, no-one can ever be 100% sure they're safe. 

Have a plan for recovery, and then have a backup plan for when the first falls through. It sounds like a lot of work, but preparing to manage the reputational fallout will pay dividends. 

"You can recover from the technical side of a cyberattack relatively quickly, but trying to recover a reputation can take years." 

Hacking groups like Anonymous, realising how damaging it can be, have moved on to attacking companies' reputations directly by releasing data from companies they have breached, or calling them out online for what are seen as shady practices (for example, continuing to operate in Russia). 

Knowledge, Ingram reiterated, is the key to it all. Determine if you're a target and use that to refine your preparedness - rather than just thinking about what a threat vector is. 

You may also like
Operation Cronos: NCA reveals details of LockBit affiliates

Threats and Risks

Operation has been crippled - for now

clock 22 February 2024 • 3 min read
Law enforcement takes down LockBit - updated

Security

NCA among the groups under 'Operation Cronos'

clock 20 February 2024 • 2 min read
Microsoft's chief security advisor joins Cybersecurity Festival 2024

Security

Sarah Armstrong-Smith will talk AI in security

clock 19 February 2024 • 1 min read
Most read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security

Law enforcement takes down LockBit - updated

Law enforcement takes down LockBit - updated

NCA among the groups under 'Operation Cronos'

Tom Allen
clock 20 February 2024 • 2 min read
Microsoft's chief security advisor joins Cybersecurity Festival 2024

Microsoft's chief security advisor joins Cybersecurity Festival 2024

Sarah Armstrong-Smith will talk AI in security

Tom Allen
clock 19 February 2024 • 1 min read
Microsoft announces critical zero-day Exchange bug

Microsoft announces critical zero-day Exchange bug

Enables remote control of Exchange Server

Vikki Davies
clock 16 February 2024 • 1 min read