Takeaways

  1. Think like attackers with the RINSE Attack Life Cycle model.
  2. Defend Tactically with Tactics → Techniques → Procedures modeling.
  3. Disrupt one or more offensive tactics & make techniques related to those tactics irrelevant.
  4. Defending Tactically lowers your costs & increases effort for adversaries.

WHAT NOT TO DO is a valid strategy

Professor Michael Porter (Harvard Business School) once wrote in a classic 1996 Harvard Business Review article:

<aside> 🧠 The essence of strategy is choosing what not to do. Without tradeoffs, there would be no need for choice & thus no need for strategy.

</aside>

We may have done all the right things (e.g. investing in technical controls, training people to comply with policies & so on), but a single wrong move can nullify all those efforts. A defense is only as strong as its weakest link. Let’s walk through the attack process to see what NOT to do with respect to Threat Accessibility, the “oxygen” of cyber attacks, & what we mean by defending “tactically”.

Think like Attackers

Once again, we revisit the necessary & sufficient conditions of attacks. As a quick recap from the 1st part of this series, the NUMBER ONE thing you want to do is cut off the “oxygen” of cyber attacks: anything related to your systems that Threat Actors can access to their advantage!

Attackers have to act & the 1st phase will be Reconnaissance, to gather information (establish Value & Vulnerabilities) related to your networks, services & even people.

Examples of low-hanging fruit (for attackers, but what NOT to do for us):

All of the above is a subset of any basic Vulnerability Assessment. I sound like Captain Obvious, but it still happens repeatedly.