ISMS and the Quest for Network Dominance

Years ago, if you ever had the unfortunate circumstance of crossing paths with me, I was your cyber security incident. While you were trying to run a business, I broke into your network, usually through a poorly guarded Terminal Services login, and I did it for glory.


By the time you noticed the suspicious activity, I had already dropped several backdoors and opened access to the systems on your network through Telnet, masquerading my illicit access as a legitimate service and port in case you found my trojans.


What’s funny is, you would have been able to stop me if you had a qualified and competent incident response team. Armed with an Information Security Management System (ISMS), you would have had an organized and effective response, seen me coming, and prevented the break-in.


Your ISMS would have alerted you to several signals long before I showed up: my port scans as I looked for a poorly protected service on your network, the pings from my TCP/IP sweep, and the failed login attempts on port 3389 along with the event logs they left behind.


The ISMS would have suggested closing any unused ports, but because you didn’t, I found them all. It would also have alerted you to any applications I altered and to the changes I made to your Telnet policies. You could have blocked the entire attack as soon as the ISMS detected the malicious activity - but you didn’t.
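As an added example (not code from the original post or from ORNA), here is the detection logic a defender would want for the sequence just described: a port sweep from one source, followed by a burst of failed logons on port 3389 and then a success. The log format, field names and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (not from the post): a port sweep, then failed logons on 3389.
SAMPLE_LOGS = """\
2022-06-13T15:01:02 FW src=203.0.113.7 dst=10.0.0.5 dport=21 action=DROP
2022-06-13T15:01:02 FW src=203.0.113.7 dst=10.0.0.5 dport=22 action=DROP
2022-06-13T15:01:03 FW src=203.0.113.7 dst=10.0.0.5 dport=23 action=ALLOW
2022-06-13T15:01:03 FW src=203.0.113.7 dst=10.0.0.5 dport=80 action=DROP
2022-06-13T15:01:04 FW src=203.0.113.7 dst=10.0.0.5 dport=3389 action=ALLOW
2022-06-13T15:02:10 AUTH src=203.0.113.7 dst=10.0.0.5 dport=3389 user=admin result=FAIL
2022-06-13T15:02:12 AUTH src=203.0.113.7 dst=10.0.0.5 dport=3389 user=admin result=FAIL
2022-06-13T15:02:15 AUTH src=203.0.113.7 dst=10.0.0.5 dport=3389 user=administrator result=FAIL
2022-06-13T15:02:19 AUTH src=203.0.113.7 dst=10.0.0.5 dport=3389 user=admin result=FAIL
2022-06-13T15:02:31 AUTH src=203.0.113.7 dst=10.0.0.5 dport=3389 user=admin result=SUCCESS
2022-06-13T15:30:00 AUTH src=192.0.2.44 dst=10.0.0.5 dport=3389 user=jane result=FAIL
2022-06-13T15:30:40 AUTH src=192.0.2.44 dst=10.0.0.5 dport=3389 user=jane result=SUCCESS
"""

def parse(line):
    """Split 'timestamp KIND key=value ...' (assumed format) into a dict."""
    ts, kind, rest = line.split(" ", 2)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields.update(ts=datetime.fromisoformat(ts), kind=kind)
    return fields

def detect(log_text, sweep_ports=5, fail_threshold=4, window=timedelta(minutes=5)):
    """Return (rule, source) alerts in log order: PORT_SWEEP when one source touches
    sweep_ports distinct ports; RDP_BRUTE when fail_threshold failed logons to 3389
    from one source fall inside `window`; RDP_SUCCESS_AFTER_FAILURES when a
    successful logon then follows from that same source."""
    ports_by_src, fails_by_src = defaultdict(set), defaultdict(list)
    flagged, alerts = set(), []
    for ev in map(parse, filter(None, log_text.splitlines())):
        src = ev["src"]
        if ev["kind"] == "FW":
            ports_by_src[src].add(ev["dport"])
            if len(ports_by_src[src]) == sweep_ports:  # fire once, on the Nth port
                alerts.append(("PORT_SWEEP", src))
        elif ev["kind"] == "AUTH" and ev["dport"] == "3389":
            if ev["result"] == "FAIL":
                fails = fails_by_src[src]
                fails.append(ev["ts"])
                fails[:] = [t for t in fails if ev["ts"] - t <= window]  # sliding window
                if len(fails) >= fail_threshold and src not in flagged:
                    flagged.add(src)
                    alerts.append(("RDP_BRUTE", src))
            elif ev["result"] == "SUCCESS" and src in flagged:
                alerts.append(("RDP_SUCCESS_AFTER_FAILURES", src))
    return alerts
```

The single failure from 192.0.2.44 stays below the threshold, so a normal user's typo does not fire an alert while the sweep-then-burst pattern does.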


For this reason, I moved quickly, ensuring that the integrity of my hard work was preserved and that I maintained access to the network. I moved faster than you could. That’s because I knew I was there before you did - if you ever knew.


If you think you’re ready for a cyber security incident like me, I’d be seriously dubious of your confidence. What doesn’t arrive remotely over the web can just as easily come from an insider threat, regardless of the actor’s intent.



Information Security Management System


Let’s take a look at the standard functions an ISMS offers. At its root, it’s a framework of policies and controls that empowers companies to manage security and risks systematically across their entire enterprise.


These controls can execute procedural rules autonomously, or be configured with the specific protocols most applicable to your industry. From suspicious activity detected externally, to vulnerabilities found on your network and web applications, to active risks demanding immediate attention - risk assessment and risk management are at its core.


Let’s sum it up in two simple words: risk mitigation. After all, you’re going to want to contain a cyber attack while it's still in the early risk stages, not once it's escalated into a crisis.


Ideally, mitigation doesn’t begin at the start of an incident. It starts with prevention. 70% of small businesses aren’t prepared at all for a cyber attack.



Combatting Unknown Variables


According to recent cybercrime statistics published by Dataprot, threat actors caused $6 trillion in damage this year. This year alone, the bulk of botnet attacks have been targeting the financial sector. The statistics and predictions for the following years are pretty alarming.


Furthermore, 70% of small businesses are completely unprepared for a cyber attack. Don’t become a statistic. What’s more, 88% of sophisticated threat actors can penetrate an organization's systems in under 12 hours.


The gist here is simple: things are going to get worse before they get better. Cybercriminals will continue to proliferate across the planet, along with the sophisticated methods of their intrusions. The only true defence is a proactive defence that’s fortified with the right tools, along with the right people to use them.


The point I am making is simple. You never know when or how your next cyber security incident will come, and what’s exciting for threat actors is that so many successful businesses are playing Russian Roulette with cybersecurity.

That’s why having an ISMS in place will significantly decrease the harmful effects of a crisis caused by any major event that brings downtime.

This also empowers companies to leverage their response time against threat actors, because if you’re responding to cyber security incidents after a breach has occurred and not as the breach is happening, then I can assure you, you’ve arrived at this party too late.



Systems Admin or an ISMS?


I hate to be so forward about what I’m about to say. As a former black hat and threat actor, let me be the first to inform you that your favourite systems administrator isn’t enough to stop one of us - if that person isn’t monitoring the company with an ISMS. This is, of course, my own opinion.


The contrast is mainly between the human factor and the latest in cutting-edge ISMS and Incident Response deployment, backed by the power of AI and machine learning. Let’s not forget built-in Incident Response plays, active monitoring, risk assessment, and security procedures that make everything that came before look like a toy.


Now, remove these tools from the equation, and place the security and orderly running of the technology sustaining your entire enterprise in the hands of a human element.


Armed with a variety of 3rd party tools, I hope they’re everything you need to stand against the most formidable cyber adversaries. I have participated in countless intrusions during my life as a black hat.


I say this because the success of these missions was ensured by companies that didn't maximize their approach to cyber security, incident response, and management. Instead of those companies controlling the outcome of incidents by resolving risks before we discovered them, we were able to cause a crisis.


With the right weapons, you can control the battlefield, and control the outcome of risks, incidents, and crises, rather than being at the mercy of Murphy’s Law.

The adage, "If it isn't broke, don't fix it," undermines our position toward prevention.


Therefore, prudence comes into play when companies arm themselves with the right weapons and resources to leverage the battlefield against all bad actors, and all those inconvenient circumstances that can arise without provocation.



An article by Jesse McGraw

Edited by Anne Caminer
