Getting on the front foot for ATT&CK

Helping your organisation understand the best use of your resources to stay one step ahead of threat actors and security threats

For deeper insight into how the MITRE ATT&CK framework and Rapid7 can help your organisation prepare and plan for threat detection, we’ve produced a detailed guide you can access. Click the link below to access the full guide.  


MITRE ATT&CK Guide


While the world has been hit with a series of tumultuous events in the first half of 2020, cybersecurity has never been far behind. Indeed, seek out any major event, and you’ll likely find a threat actor looking to take advantage of the situation. COVID-19, for example, has brought with it a plethora of unsavoury attacks on organisations and individuals. The high-profile nature of attacks is increasingly worrying too. The attack in June this year on a whole host of political and private-sector organisations in Australia was purportedly carried out by a ‘sophisticated state-based cyber-actor’.


This comes off the back of a global IT security skills shortage, which has now surpassed four million, according to the International Information System Security Certification Consortium (ISC)². A staggering 2.6 million of these positions need to be filled in the APAC region alone.


Helping to combat the threats and shortages, the Australian Government recently announced $748m in new cyber security initiatives. As part of that, the Government has committed to spending $470m to expand Australia’s cyber security workforce, creating more than 500 new jobs within the Australian Signals Directorate. In addition to the investment, and to help organisations better understand cybercriminal behaviour, the Australian Cyber Security Centre (ACSC) has investigated and responded to numerous cyber security incidents over the last 12 months. They’ve produced an advisory of notable tactics, techniques and procedures (TTPs) and, to help, have summarised these in the framework of tactics and techniques provided by MITRE ATT&CK.


While these are all positive steps in the right direction, you still likely have many concerns as to how to protect your own organisation, with the conversation centred not on ‘if’ you’re targeted, but ‘when’ it’s going to happen.


How MITRE ATT&CK can help you manage and safeguard against threats

Successful and comprehensive threat detection requires understanding common adversary techniques, particularly those posing a threat to your organisation, as well as how to detect and mitigate them. That is all good theory on paper, yet the practicalities of doing so are another question entirely. The sheer number and breadth of attack tactics make it almost impossible to monitor every single attack type.


Help is at hand, however, via the MITRE ATT&CK framework. It acts as a guide and knowledge base of adversary tactics and techniques to help you combat attackers. Going into immense detail as to the exact steps and methods hackers use, it helps you and your team understand the actions that might be used against your organisation.


Below are three of what we believe to be your biggest considerations as you seek to combat would-be hackers, and how the ATT&CK framework helps:



1. Prioritise detections based on your organisation's unique environment

Even the most well-resourced teams cannot protect against all attack vectors equally. The ATT&CK framework offers a blueprint for you to focus your detection efforts. It explores the techniques, targeted platforms, and risks to help inform your security plan, and shows how the framework can be leveraged to track your progress over time.


2. Evaluate your current defenses

The framework helps you evaluate your current tools and depth of coverage around key attack techniques. There are different levels of telemetry applicable to each detection. By defining the priority threats, you can evaluate how your current coverage stacks up and the level of confidence you require in detection.


3. Track attacker groups

You may wish to prioritise tracking specific adversary group behaviours you know are of particular threat to your organisation. The good news is the ATT&CK framework is a living document, constantly evolving as new threats occur. This makes it a useful source of truth to track and understand the movements and techniques of hacker groups on an ongoing basis.


How you will benefit

While the ATT&CK framework has been around for a number of years, it’s gathered momentum of late as organisations seek to stay one step ahead of threat actors and the ever-growing number of threats happening globally. It also allows organisations, the government and individuals to share threat intelligence and work together. By identifying the highest priority techniques, organisations like yours can better determine how to mitigate and detect them, and thus keep your organisation, its data and assets safe.

