[…] As we uncovered in the Mandiant Security Effectiveness Report 2020, looking across network, email, endpoint and cloud-based security controls, all too often security controls are not performing as expected. Knowing this, security leaders need to ask themselves why their controls are not performing the way they are supposed to, what risks are associated with that performance gap, and how to fix it.
In order to protect an organization’s business critical assets, security teams need to think like a cyber adversary, because only by understanding the adversary’s process can an organization prepare for and prevent an attack or breach before it happens. And the first step is understanding reconnaissance, the initial stage of an intrusion.
As I discussed in our video blog Security Effectiveness Report: Reconnaissance (above), reconnaissance is the phase in which cyber adversaries plan their attack. They spend time researching, identifying and selecting targets, and they typically gather their intelligence from publicly available sources such as Twitter, LinkedIn and corporate websites. We are also seeing passive reconnaissance, which includes scanning tools like network sniffers for wired and wireless networks, as well as port scanners. The adversaries scan for vulnerabilities that can be exploited and map out the areas they can take advantage of. In a nutshell, attackers are looking for weaknesses.
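As an added illustration of the defender’s side of the scanning reconnaissance described above (this is example code written for this page, not code from the post or from Mandiant), the following Python detector reads firewall deny records, groups them by source address and flags any source that probes many distinct destination ports within a short window. The log line format, the field names, the thresholds and the sample addresses (drawn from documentation ranges) are all assumptions constructed for the example.

```python
"""Port-scan detection over firewall deny logs (added example).

Groups denied connection attempts by source address and flags any
source that touches many distinct destination ports within a short
time window. The log format, field names and thresholds below are
assumptions made for this example, not a vendor's real format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed deny-line layout: "<ISO timestamp>Z DENY src=.. dst=.. dport=.. proto=.."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) DENY src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\S+)$"
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
BASE = datetime(2020, 6, 1, 10, 0, 0)
COMMON_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]


def _constructed_lines(src, ports, start, step):
    """Build constructed sample deny lines for one source (test data only)."""
    return [
        f"{(start + i * step).strftime(TS_FMT)} DENY src={src} "
        f"dst=192.0.2.10 dport={p} proto=tcp"
        for i, p in enumerate(ports)
    ]


# Constructed sample log: a fast scanner (one port per second), a normal
# client touching two ports, a slow scanner (one port every three minutes)
# and one malformed line that the parser must skip.
SAMPLE_LOG = "\n".join(
    _constructed_lines("203.0.113.5", COMMON_PORTS, BASE, timedelta(seconds=1))
    + _constructed_lines("198.51.100.7", [443, 443, 80],
                         BASE + timedelta(minutes=1), timedelta(minutes=1))
    + _constructed_lines("203.0.113.9", COMMON_PORTS, BASE, timedelta(minutes=3))
    + ["not a firewall record at all"]
)


def parse_line(line):
    """Return a dict for a well-formed deny line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
    }


def find_port_scanners(log_text, min_ports=10, window=timedelta(seconds=60)):
    """Map source address -> max distinct ports seen inside any `window`.

    Only sources reaching `min_ports` distinct destination ports within
    a single sliding window are returned.
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    flagged = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits within `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            ports = {e["dport"] for e in evs[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src] = max(flagged.get(src, 0), len(ports))
    return flagged


if __name__ == "__main__":
    for src, n in sorted(find_port_scanners(SAMPLE_LOG).items()):
        print(f"possible port scan from {src}: {n} distinct ports in 60s")
```

With the default 60-second window only the fast scanner is reported; the slow scanner spreads the same twelve ports over half an hour and is only caught when the window is widened (for example to an hour), which is why the window and port count are parameters rather than constants and should be tuned to what normal clients in a given environment look like.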
So, what can organizations do to protect themselves? The answer is twofold: on the people side, companies must implement security awareness training, which goes back to an organization’s security culture, and on the technical side, companies need to perform continuous testing to validate that their controls are working. In today’s world, organizations must validate security effectiveness if they want to stop operating on assumptions, minimize risk and strengthen cyber hygiene. Only through automated, continuous monitoring and measurement against real-world attack behaviors can companies gain data-driven evidence and insights that validate that security controls are working as they should.