Attack Path Mapping as Part of Smart Security Strategy
The fight against cybercriminals has historically been a defensive one. Companies would educate themselves as much as possible, add firewalls and rely on professional IT departments to detect any potential breaches as quickly as possible. However, that has all changed with attack path mapping (APM). Methods now exist that let a company change a defensive posture to an offensive one.
The Power of APM
APM uses a combined approach to reveal the most likely methods that a cybercriminal can use for a breach. APM blends technology with in-person interviews to develop security testing protocols. The results of the testing can be a powerful tool for discovering the loopholes that criminals will target, and they allow a company to take control and make changes.
Mapping and Simulations
The process of APM creates a model of your organization to identify all functions for particular threat actors. The techniques and tools used simulate each attack type and allow internal actions to circumvent it. However, a successful APM requires that you have team members to play the “devil’s advocate” or cybercriminal so that they can assist in discovering and fixing the weaknesses. The team members must be carefully selected, as they are required to know and understand all of the tools used, the techniques of the criminal, and the impact a breach can have. Each staff member is interviewed, and this contributes to the picture of the company as a whole. Since a majority of the company will be involved in one manner or another, it is imperative that everyone enters APM without any sense of fear.
Examples of Compromise
Some of the most common breaches in many companies happen innocently or by accident and involve an employee. Many of these occurrences involve opening an email with a virus, sharing or not changing a password, or giving high-level network access to someone who shouldn’t have it. Other variables can involve third-party vendors with interfaces and file sharing, or outside firms involved in business transactions. An individual APM strategy is designed around each of these threat actors so that the teams can view the results and then proactively decide what needs to be altered for protection.
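As an added illustration that is not part of the original article, the model described above can be sketched as a small graph: each step an intruder could take is an edge labelled with the weakness that allows it, and the paths from each threat actor's starting point to a critical asset are listed and ranked. The asset names, entry points and edges are constructed sample data, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample model (assumed, not from the article): each edge is
# (from_node, to_node, weakness that makes the step possible).
EDGES = [
    ("employee_mailbox", "employee_workstation", "opened email with a virus"),
    ("employee_workstation", "file_server", "shared or unchanged password"),
    ("employee_workstation", "domain_admin", "high-level access granted in error"),
    ("vendor_portal", "file_server", "third-party file sharing interface"),
    ("file_server", "customer_database", "shared or unchanged password"),
    ("domain_admin", "customer_database", "high-level access granted in error"),
]
# Threat actor -> node where that actor first gets a foothold (assumed).
ENTRY_POINTS = {"careless employee": "employee_mailbox",
                "third-party vendor": "vendor_portal"}
CRITICAL_ASSET = "customer_database"

def attack_paths(start, target, edges, seen=()):
    """Return every loop-free path from start to target as a list of edges."""
    if start == target:
        return [[]]
    visited = seen + (start,)
    paths = []
    for edge in edges:
        src, dst, _ = edge
        if src == start and dst not in visited:
            for rest in attack_paths(dst, target, edges, visited):
                paths.append([edge] + rest)
    return paths

def map_paths(entry_points=ENTRY_POINTS, target=CRITICAL_ASSET, edges=EDGES):
    """Attack paths to the critical asset, grouped by threat actor."""
    return {actor: attack_paths(node, target, edges)
            for actor, node in entry_points.items()}

def rank_fixes(paths_by_actor):
    """Count the paths each weakness appears in, most widely used first."""
    counts = Counter()
    for paths in paths_by_actor.values():
        for path in paths:
            counts.update({weakness for _, _, weakness in path})
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    mapped = map_paths()
    for actor, paths in mapped.items():
        for path in paths:
            print(actor, "->", " -> ".join(dst for _, dst, _ in path))
    for weakness, n in rank_fixes(mapped):
        print(f"{n} path(s) depend on: {weakness}")
```

The ranking is what the team reviews: a weakness that appears in several paths is the change that protects the most at once.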
Be Prepared for Change
Many organizations bring in a professional cybersecurity company to assist them in setting up their APM. The process for analyzing the company and the various threat actors can be complex. The goal of APM is to identify, and open the way for, the changes that will be required to keep cybercriminals out. In some cases this process may involve realigning department responsibilities, adding new methods for backing up critical information/data, adding trained staff, and/or enhancing or upgrading technologies.
Originally published at https://davinciforensics.co.za on January 1, 2022.