Key report takeaways:
- The initial phases of the cyber killchain are merging to accelerate targeted attacks
- Industry and size are no longer reliable predictors of threat risk
- Attack automation and “spray and pray” techniques are aiming at everything with an IP address
- Cryptojacking is now rampant
- Web applications remain the primary point of initial attack
Impacts to the Heuristic Security model:
Based on takeaway’s 2 and 3 above, as well as my own experiences in my lab, I will shift the emphasis from preparing for industry specific risks to implementing countermeasures in a phased approach. Attacks are now so constant and so automated that to try and attribute them to specific actors and intents is a waste of time. If you have an accessible vulnerability, it will be attacked and exploited. Where is goes from there depends on who broke down your door first.
Some recommendations from the report that support the HS approach:
- Focus on cyber hygiene. All the advanced process and tech in the world are useless if you can’t keep implement basic controls consistently (such as patching).
- Focus on continuous, iterative, and incremental security improvements. A key HS recommendation. Start small, get something that works working – no matter how basic, and build from there.
- Embrace the three principles of security improvements: Assess, Detect, Respond. Could not agree more.