While it seems almost cliché now, we are living in unprecedented times. The global pandemic has forced organisations everywhere to deal not only with health and supply-chain challenges, but also with increasing political turmoil that can negatively impact ongoing operations. And with the military action in Ukraine, evidence of widespread defacement of government websites, and targeted attacks against government agencies and financial institutions in the region serving as yet another layer of risk to deal with, it has never been more important to be on top of your security game.
Keep focused on the attack surface
While every organisation will have their own definition of what risk means to them, the ability to understand, communicate, and mitigate that risk is critical to being resilient in the face of the global events unfolding. In order to understand your risk, you first need to understand your attack surface—where can risk be introduced in the digital platform that makes up how your organisation runs?
Once you know what your attack surface is, you need the tools to both assess the risk and then mitigate it. Given that the attack surface is constantly changing, it really is a lifecycle—an attack surface risk management lifecycle—that needs the right tools in place to help with cyber resilience.
Managing risk with security best practices
With so much diversity in the attack surface, it’s important to leverage security best practices to manage your cyber risk. Organisations should:
- Ensure your systems are updated (especially security solutions) with the latest critical patches and versions. These are a critical part of your attack surface.
- Make sure you have configured your security solutions according to best practices from the vendor, including widespread use of multi-factor authentication. For Trend Micro solutions, ensure you are leveraging the latest sophisticated security capabilities like machine learning, behaviour monitoring, application control, and more. Get advice here: https://success.trendmicro.com
- As outlined in real-world testing activities like the Mitre Engenuity ATT&CK evalutions, being able to detect and respond across layers to a cyber attack is a fundamental requirement for managing cyber risk. If you are not using some form of extended detection and response (XDR) or managed XDR today, you need to put something in place immediately. Without this type of visibility and ability to respond to attacks, you are at significantly higher risk.
- Pay close attention to unrecognised network traffic (both inbound and outbound) and watch for sophisticated new phishing attacks. Follow-up quickly on security alerts and conduct more close investigation as necessary.
- Where possible, reduce your attack surface. Whether a financially motivated group, a nation state, or an advanced group that behaves like one, attackers facing a smaller attack surface along with the greater visibility in #3 mean a stronger security and reduced risk. How to do that? Reducing attack surface includes patching and Zero Trust techniques for better posture, including knowing the true state of identities, devices, cloud assets, and things.
Following these best practices will help you to better manage the cyber risk that your organisation is facing, regardless of the unknowns that we are all dealing with today—and tomorrow.
Our research teams and threat hunters will work vigilantly to monitor and identify any new threat intelligence and will continue to share updates here: trendmicro.com/ukrainecrisis.
This blog has been revised to include new facts that have been released since the original posting.