Cyber espionage – top of the list – defence in depth as response

The latest research from Trend Micro Incorporated reveals that 20% of global organisations rank cyber espionage as the most serious threat to their business, with a quarter (26%) struggling to keep up with the rapidly evolving threat landscape. In addition, one in five (20%) U.S. organisations have suffered a cyber espionage-related attack in the last year.

The research, which surveyed 2,402 enterprise IT decision makers across Europe and the U.S., shows cyber espionage topping the list of principal security concerns for 2017, followed by targeted attacks (17%) and phishing (16%).
Businesses in Italy (36%), France (24%), Germany (20%) and the Netherlands (17%) topped the list of regions that fear cyber espionage the most, which is notable in light of their respective elections taking place this year across Europe.

Various research and intelligence data show real fears of different state sponsored actors interfering in democratic processes around the globe – examples of which we can all probably recall.

There is no single solution for defence in Cyber Security. Organisations and vendors are excited about new defensive technologies, but unfortunately, once a new defence technique is established, it is quickly and skilfully bypassed by attackers. Cyber threats are fast-evolving and unpredictable.

As enterprises try to defend against more than 500,000 new and unique threats created each day, DMZ IT have designed a multi-layer approach which is derived directly from military practice – Defence in Depth.

Sometimes referred to as a citadel concept, it is a multi-layered security approach that concentrates on visibility and control over endpoint, network, web, email, cloud, and physical and hybrid cloud servers to speed up time to protect, detect and respond.

The principle of Defence in Depth is the creation of multiple lines of defence, requiring the attacker to breach them one by one. The most precious assets (similar to protecting the crown jewels) are stored in a tower (the most protected facility), while others are only surrounded by a single wall. This is similar to real-life IT Assets Protection. Our concept of layered defence is called CPR = Context, Prevention, Response.

Context – individual definition of objectives, identification and valuation of assets, and threat modelling

Prevention – putting in place various security controls involving processes, technical solutions and organisational culture changes. The selection of controls is different for each asset group, which significantly reduces overall cost. Our approach is a White List Approach rather than a Black List Approach: we identify the “good guys” (applications, processes, protocols) and treat everything else as an enemy (bad guys).

Response – because there is no silver bullet, and every possible defence may fail eventually, we value detection and preparation for that failure. We ensure that a breach is detected and the response administered rapidly, in accordance with our previously prepared battle plan, so that the attack is eradicated and its consequences reversed. Of vital importance in this phase are the lessons learned.

The expertise and experience of our staff enable DMZ IT to rapidly adopt and deploy proven techniques and methodology to deal with modern threats and risks in cyber security.