Cybersecurity Best Practices: Taking the Assume Breach Approach
August 27, 2021
By Rhia Prajes
Assume Breach is a cybersecurity approach that deals primarily with mindset. To Assume Breach is to treat every account as unsecured and already compromised. This benefits your overall security by exercising and measuring reactive capabilities more frequently, as if a breach had occurred, and it helps guide operational security processes and investments.
When an organization wants to implement an Assume Breach approach, it first needs to adopt an “Adversary Mindset”. It is the job not only of IT personnel but of all the key players in an organization to think of any identity as a potential threat to security and a possible opponent.
Secondly, applying practical, tested security policies such as a Zero-Trust Architecture supports the organization in this initiative. With this “Never Trust, Always Verify” policy, your organization can support its cyber security strategy through perimeter-less security and network micro-segmentation.
Lastly, one focus of Assume Breach is to exercise and prepare your organization for breach management. Your capabilities for protection, detection, and response are critical at this stage!
With today’s threat landscape and vulnerabilities, there are common risks that are easier to identify if an organization adopts an Assume Breach mindset:
Phishing
It is the easiest vulnerability for threat actors to use. Phishing has evolved over the years and has contributed to most major cyberattacks globally. Even if your organization deploys many tools to prevent phishing, it is highly important that the organization’s key players are well trained and able to identify this kind of threat. In fact, trained non-IT employees can be of great help in detecting phishing right when they receive it.
Zero-Day Exploits
A zero-day is a vulnerability that attackers can use to exploit systems, with threat actors releasing malware before the developer is aware of the flaw. At first, a zero-day exploit leaves no opportunity for detection until someone recognizes the exploit, and it can take days, weeks, or even months before the developer identifies the vulnerability that led to the attack.
With an Assume Breach security model, companies strengthen their cyber security practice by assuming that a compromise has already occurred and focusing on post-exploitation activities and behaviors, thus accelerating resolution of the threat.
Insider Threats
There is no worse experience than working blindly against an enemy. It is the same with an elusive insider threat, whether that person has knowingly or unknowingly compromised your network and internal assets. That is why a Zero-Trust Architecture is important to deploy in an organization: it recognizes that internal actors are a valid source of threat and seeks to analyze all activities that suggest malicious intent, such as numerous failed login attempts or massive data downloads. By taking a close look at all activities, those that suggest a real breach can be identified faster, reducing overall impact.
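The two signals named above, repeated failed logins and unusually large downloads, are simple enough to turn into concrete detection logic. The following is an added example, not code from the article or from Metro CSG: it runs two detectors over a constructed audit log (the log format, user names, and the thresholds of five failures in five minutes and one gigabyte per user are all assumptions chosen for illustration) and returns the identities that warrant a closer look.

```python
# Added example (not from the original article): detection logic for the two
# insider-threat signals the text names, run over constructed sample log lines.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log, one event per line:
#   "<ISO timestamp> <event> user=<name> [bytes=<n>]"
SAMPLE_LOG = """\
2021-08-27T09:00:01 LOGIN_FAIL user=alice
2021-08-27T09:00:05 LOGIN_FAIL user=alice
2021-08-27T09:00:09 LOGIN_FAIL user=alice
2021-08-27T09:00:14 LOGIN_FAIL user=alice
2021-08-27T09:00:20 LOGIN_FAIL user=alice
2021-08-27T09:00:25 LOGIN_OK user=alice
2021-08-27T09:30:00 LOGIN_FAIL user=bob
2021-08-27T10:30:00 LOGIN_FAIL user=bob
2021-08-27T11:00:00 DOWNLOAD user=carol bytes=52428800
2021-08-27T11:05:00 DOWNLOAD user=carol bytes=3221225472
2021-08-27T11:10:00 DOWNLOAD user=dave bytes=1048576
"""

# Assumed thresholds; a real deployment would tune these to its own baseline.
FAILED_LOGIN_THRESHOLD = 5                 # failures inside one window that trigger
FAILED_LOGIN_WINDOW = timedelta(minutes=5)  # sliding window length
DOWNLOAD_THRESHOLD_BYTES = 1 * 1024 ** 3    # 1 GiB per user over the whole log


def parse_line(line):
    """Parse one constructed log line into (timestamp, event, fields dict)."""
    ts, event, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    return datetime.fromisoformat(ts), event, fields


def detect_failed_login_bursts(log_text, threshold=FAILED_LOGIN_THRESHOLD,
                               window=FAILED_LOGIN_WINDOW):
    """Return users with at least `threshold` LOGIN_FAIL events inside any
    sliding window of length `window` (sorted list of user names)."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, fields = parse_line(line)
        if event == "LOGIN_FAIL":
            failures[fields["user"]].append(ts)

    flagged = set()
    for user, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Advance the left edge until the window fits the time span.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(user)
                break
    return sorted(flagged)


def detect_large_downloads(log_text, threshold=DOWNLOAD_THRESHOLD_BYTES):
    """Return {user: total_bytes} for users whose summed DOWNLOAD volume
    exceeds `threshold`."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, event, fields = parse_line(line)
        if event == "DOWNLOAD":
            totals[fields["user"]] += int(fields["bytes"])
    return {user: total for user, total in totals.items() if total > threshold}


if __name__ == "__main__":
    print("failed-login bursts:", detect_failed_login_bursts(SAMPLE_LOG))
    print("large downloads:", detect_large_downloads(SAMPLE_LOG))
```

On the sample log only `alice` trips the failed-login detector (five failures in under twenty seconds, followed by a successful login, which is exactly the pattern worth reviewing) and only `carol` trips the download detector; `bob`'s two failures are an hour apart and `dave`'s single download is small. The sliding window matters: counting failures per day instead would flag ordinary users who mistype a password a few times across a shift.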
Ransomware
With the rise of Ransomware-as-a-Service, ransomware has caused damage around the world and has affected even small and medium businesses. Ransomware is a kind of attack that proliferates through your network and allows attackers to threaten breaches or perform double extortion in exchange for ransom money.
If an organization follows an Assume Breach strategy, it can analyze scenarios and business impacts, which will be useful for protection, detection, response and remediation.
Assume Breach Policy: Your Organization’s next steps
With Assume Breach, your organization will know how to detect and gather evidence on the adversary, establish the scope of the breach, and form and execute a remediation plan to recover from it. It is not enough to know what to do once you have been compromised; it is also imperative to go through the process of preparing for a breach. Your company must do its own research and analysis of its security needs and draft a policy such as the Zero-Trust Model to address the vulnerabilities of your network and business.
With the right IT partner, however, you can more effectively define a cyber security strategy supported by internal training, so that all of your business’s key players take a role in this initiative. As an award-winning Microsoft partner, Metro CSG can help you take advantage of technology that can simplify and accelerate this process.