Faced with the daily barrage of reports on new security threats, it is important to keep in mind that while some are potentially disastrous, many are harmless or irrelevant to a given organization.
The question CISOs must answer is which specific threats to prioritize defending against. To focus their efforts on the threats that matter, they must also take an honest measure of their organization’s security strengths and weaknesses.
Media-driven distraction is a significant obstacle to maintaining that focus. A CISO who understands the organization’s security posture can ignore the noise around threat X if it has already been patched, or if it is extremely unlikely to target an organization of that size or type.
“The advantages of adjusting security skill training to particular threats are obvious and ongoing. It enables an organization to craft clearly defined training goals, address pertinent risks with vigor and focus, and guarantee that every team member develops the necessary skills to recognize and counteract the most dangerous threats.”
How to Tailor Training
The best place to start is to be strategic: concentrate on the types of attackers that have threatened, or could threaten, the organization; build a profile of these adversaries; and identify their tools, techniques and procedures (TTPs). Then evaluate honestly and realistically the security team’s tools and skills for fending off those attackers, and fill any gaps or weaknesses.
The five major categories of threat actor below are ranked by degree of sophistication, each with the corresponding countermeasures.
Amateurs and Script Kiddies
These actors frequently rely on publicly available malware, leaked or shared credentials and other low-skill TTPs. Automated, signature-based detection on the endpoint or network is usually enough to catch them.
Prudent Threat Actors
A little more sophisticated than the first tier, these actors make use of purchased or freely available credentials, malware and other TTPs that are simple to operate. Automated detection generally still works, but an organization will sometimes need more thorough configuration and log aggregation to see them.
Hacktivists
These criminals, frequently hacktivists, use modified free and commercial tools, many of which offer strong interactive capabilities, Metasploit and Cobalt Strike among them. Effective defense requires behavioral signatures and basic threat intelligence.
Nation-States and High-Level Criminal Gangs
The actors in this tier are nation-states and high-level criminal gangs that rely on capabilities and tools developed in house.
Senior Nation-State Attackers
These are senior attackers employed by nation-states, whose toolkit and tradecraft include the best OPSEC for each particular situation. Effective defense requires behavioral detection combined with in-depth manual analysis of the environment.
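To make the difference between the lower tiers’ countermeasures concrete, here is an added Python example; it is not code from the original article. It runs a signature-based check and a behavioral check over constructed log lines: the IOC list, hashes, hosts, addresses and thresholds are all made up for the illustration. The signature check catches reused public malware by hash, the automated detection the first tier calls for, but sees nothing in authentication logs. The behavioral rule finds credential stuffing with bought or leaked credentials, but only once logs from several systems are aggregated and correlated by source, which is the log-aggregation and behavioral-signature work the second and third tiers require.

```python
import re
from collections import defaultdict

# Hypothetical IOC feed mapping SHA-256 -> malware family. These hashes are constructed
# placeholders for the example, not real indicators.
KNOWN_BAD_SHA256 = {
    "0" * 63 + "1": "commodity-stealer",
    "0" * 63 + "2": "public-rat",
}

# Constructed endpoint telemetry: "<host> process_create image=<path> sha256=<hash>".
ENDPOINT_EVENTS = [
    "ws01 process_create image=C:\\Users\\alice\\Downloads\\invoice.exe sha256=" + "0" * 63 + "1",
    "ws02 process_create image=C:\\Windows\\System32\\svchost.exe sha256=" + "f" * 64,
    "ws03 process_create image=C:\\Users\\bob\\AppData\\update.exe sha256=" + "0" * 63 + "2",
]

# Constructed authentication logs from two systems (VPN and webmail), already aggregated
# and in time order. Taken system by system, every line looks like an ordinary login.
AUTH_EVENTS = [
    "2024-05-01T10:00:01Z vpn src=203.0.113.5 user=alice result=fail",
    "2024-05-01T10:00:02Z vpn src=203.0.113.5 user=bob result=fail",
    "2024-05-01T10:00:03Z webmail src=203.0.113.5 user=carol result=fail",
    "2024-05-01T10:00:04Z webmail src=203.0.113.5 user=dave result=fail",
    "2024-05-01T10:00:05Z vpn src=203.0.113.5 user=erin result=fail",
    "2024-05-01T10:00:06Z vpn src=203.0.113.5 user=frank result=fail",
    "2024-05-01T10:00:09Z webmail src=203.0.113.5 user=grace result=success",
    "2024-05-01T10:01:00Z vpn src=198.51.100.7 user=alice result=fail",
    "2024-05-01T10:01:05Z vpn src=198.51.100.7 user=alice result=fail",
    "2024-05-01T10:01:10Z vpn src=198.51.100.7 user=alice result=success",
]

KV = re.compile(r"(\w+)=(\S+)")


def fields(line):
    """Parse a log line into its key=value pairs; bare leading tokens go under 'prefix'."""
    parsed = dict(KV.findall(line))
    parsed["prefix"] = [tok for tok in line.split() if "=" not in tok]
    return parsed


def signature_hits(events, iocs):
    """Signature-based detection: flag any event whose hash is on the IOC list.

    Cheap and fully automatic, which is why it suffices against actors who reuse
    public malware. Events without a matching field (auth logs) produce no hits.
    """
    hits = []
    for line in events:
        f = fields(line)
        family = iocs.get(f.get("sha256"))
        if family:
            hits.append((f["prefix"][0], f["image"], family))
    return hits


def credential_stuffing(events, min_failures=5, min_accounts=3):
    """Behavioral detection: one source fails against many accounts, then succeeds.

    No single line is malicious; the pattern only becomes visible once logs from
    every authentication system are aggregated and correlated by source address.
    """
    failed_users = defaultdict(set)   # src -> accounts that saw a failure from it
    failure_count = defaultdict(int)  # src -> total failures from it
    alerts = []
    for line in events:
        f = fields(line)
        src, user, result = f["src"], f["user"], f["result"]
        if result == "fail":
            failed_users[src].add(user)
            failure_count[src] += 1
        elif (result == "success"
              and failure_count[src] >= min_failures
              and len(failed_users[src]) >= min_accounts):
            alerts.append({
                "src": src,
                "compromised": user,
                "failed_accounts": sorted(failed_users[src]),
            })
    return alerts


if __name__ == "__main__":
    for hit in signature_hits(ENDPOINT_EVENTS, KNOWN_BAD_SHA256):
        print("signature hit:", hit)
    print("signature hits in auth logs:", signature_hits(AUTH_EVENTS, KNOWN_BAD_SHA256))
    for alert in credential_stuffing(AUTH_EVENTS):
        print("behavioral alert:", alert)
```

The second source address (198.51.100.7) fails twice against a single account and then succeeds, which is an ordinary mistyped password and is correctly left alone; the thresholds are the tuning knobs a team would set from its own baseline, and are part of the "more thorough configuration" the second tier demands.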
Once an organization has decided which class or classes of threat actor it must defend against, the following best practices help turn that decision into threat-centric security training.
Develop a detailed plan: Careful planning is the foundation of any solid roadmap. The more time an organization invests in researching its needs, critically evaluating its resources and consulting partners and customers, the more likely its training plan is to succeed.
Objectively assess new threats: Not every new threat will affect a given organization, either because it has already been remediated by a patch or other control, or because it is simply irrelevant to the organization’s size or vertical industry.
Use industry resources to identify threats to the organization and its vertical: The major security periodicals, the Verizon Data Breach Investigations Report (DBIR) and sector-specific ISAC threat intelligence feeds are all good sources.
Collaborate with training partners to turn the plan into action: Partners can offer not only insight but also practical guidance on how to carry out the assessment, reporting and upskilling exercises.
Given the volume and variety of cyber risks the typical organization faces, customizing security training to specific threats is more critical than ever. By concentrating on the attack tactics and techniques that directly threaten it, an organization can maximize the return on its training investment.