Is it possible to prevent targeted attacks?

2 July 2021

Traditional defenses such as antivirus software are sufficient only against simple, opportunistic attacks. Targeted attacks, in which the attackers know their objective and try to bypass every layer of security, call for more serious defensive measures. These are usually well-organized, elaborately planned attacks aimed at specific organizations or entire sectors of the economy, carried out mostly by groups of hackers. Moreover, a given organization may be either the direct target or an intermediate link in a more complex attack chain.

It is impossible to avoid hacker attacks, but it is possible to detect them in time and stop them. The main aim of a security solution is to make bypassing it as resource-intensive as possible. Today organizations should use a combination of software and hardware tools that provides an acceptable level of protection for information systems while keeping business processes sufficiently efficient.

Additional cybersecurity measures and tools:

- Next-generation network firewalls
- Intrusion detection and prevention systems
- Web application firewalls
- “Sandboxes”
- Data loss prevention systems (DLP)
- Endpoint protection systems (EPP)
- Endpoint threat detection and response systems (EDR)
- Infrastructure-wide threat detection and response systems (XDR)
- Data encryption
- Virtual private networks
- Electronic signatures
- Two-factor authentication
- DDoS protection tools
- Mail server security tools
- Collaboration system security tools
- Vulnerability scans
- Penetration tests
- Password managers
- Mobile device control
- Software environment restriction
- User behavior analytics systems (UBA)
- User and entity behavior analytics systems (UEBA)
- Cloud access security brokers (CASB)
- Security information and event management systems (SIEM)
- Security operations center (SOC)
- Security orchestration, automation and response systems (SOAR)

In practice, cybercriminals have already managed to bypass most of the measures listed above. Cybersecurity threats can be resisted only through a comprehensive effort and adequate security measures. The correct approach to cybersecurity is multilayered defense of the whole infrastructure.

The set of security measures aimed at preventing the compromise of data confidentiality should also include a number of organizational measures:

- Strict record-keeping of software, device usage and data transmission channels
- Implementation of a defined cybersecurity policy
- Development of clear data exchange procedures
- Preparation of password policies and procedures
- Signing of NDAs with personnel: accounting, finance and other economic departments
- Creation of an incident response plan
- Periodic personnel training in following cybersecurity requirements and procedures
- Regular analysis of the effectiveness of the measures and cybersecurity tools
- Organization of a system for CEOs to control compliance with the policy and procedures

You should treat cybersecurity expenses as an investment. As the saying goes, don’t be penny wise and pound foolish. Remember that maintaining cybersecurity is a continuous process that requires a lot of attention and control. It is not a one-time event. Security measures will not be effective without monitoring, maintenance and support by experienced cybersecurity experts.

Author: Ivankov Alexei, system architect, Open Technologies’ Cybersecurity center
