By Marcus Thompson
For years, cyber threats have increased in both scale and frequency, and the warning bells have sounded each time. Hospitals, telcos, logistics operators, mining companies, and universities have fallen victim to cyber-attacks, often crudely simplistic, that have crippled their ability to operate and exposed their customers’ information to the criminal world.
It’s unlikely the CEOs of those businesses thought they were vulnerable to a cyber-attack.
The threats are real, they’re active and they seek to do us real harm every day. There can no longer be any doubting that, or the potential for a large-scale cyber-attack against our growing critical infrastructure network.
So how do you know if you’ve got the right level of cyber protection? And where do you start?
The first step is to review your existing cyber security offering. Any comprehensive approach to cyber security must include the implementation of measures that address self-defence, passive-defence and active-defence.
None of these three defensive measures is a “silver bullet”, despite the claims of many vendors. Each must be addressed.
SELF DEFENCE
Self-defence, or in reality ‘self protection’, is everyone’s responsibility and relates to culture and awareness. This is the defensive measure where we educate our workforce not to click on the link in the phishing email, or plug a random USB stick into our system. Self-defence considers our vulnerability to socially engineered cyber-attacks, where information freely available on the Internet is used by a professional threat actor to attack us.
The aim of self-defence is to encourage people to perform the individual actions that contribute to the protection of themselves, their families, their friends and their organisation in cyberspace.
PASSIVE DEFENCE
Passive defence is the defensive measure that is the fundamental basis for cyber security. It relates to network hygiene and is the responsibility of Chief Information Officers and system administrators. Passive defence includes firewalls and anti-virus. In the physical world, they’re like your locked doors and alarm systems – the foundations of good security.
Passive defence is the measure where those responsible for the organisation’s information technology (IT) and operating technology (OT) think about the defence of those systems. It considers compliance with the ASD ‘Essential Eight’, including patching of systems, whitelisting applications, encryption of data, and limiting the number of people with privileged or administrator rights.
ACTIVE DEFENCE
Active-defence is the ultimate risk mitigation measure, and the layer of cyber security ParaFlare specialises in. It’s a highly specialised function in which highly skilled ‘hunt teams’ operate inside the organisation’s IT and OT infrastructure to actively detect, contain and resolve breaches of passive defensive measures.
Active-defence is often overlooked, but is a critical element of any comprehensive approach to the development and maintenance of cyber resilience.
Active-defence is a level of cyber protection that many businesses and organisations may be unaware they need; believe they already have; or be reluctant to invest in. With reports of new malware being available to threat actors every 7-12 seconds, it is not sufficient to rely only on passive defensive measures for an organisation’s cyber security. In this environment, it is not a question of if passive defence will fail – it is when.
That is why active-defence, along with self-defence and passive-defence, is a critical element of any comprehensive approach to cyber security.
To find out more about active cyber defence, or to review your own cyber security, contact the team at ParaFlare: [email protected] or call 1300 292 946.
Marcus Thompson, AM, PhD is a retired Australian Army Major General, whose final appointment was the inaugural Head of Information Warfare for the Australian Defence Force. His current appointments include Chief Strategy Adviser at ParaFlare.