Cyber self-defense

In cybersecurity, cyber self-defense refers to self-defense against cyberattack. [1] While it generally emphasizes active cybersecurity measures taken by computer users themselves, cyber self-defense is sometimes used to refer to the self-defense of organizations as a whole, [2] such as corporate entities or entire nations. [3] [4] [5] Surveillance self-defense [6] [7] [8] is a variant of cyber self-defense and largely overlaps with it. Active and passive cybersecurity measures give defenders stronger protection and better intrusion detection, incident handling and remediation capabilities. Various sectors and organizations are legally obligated to adhere to cybersecurity standards.

Background

Organizations may conduct a penetration test using an internal team or hire a third-party organization to audit the organization's systems. Larger organizations may conduct internal attacker-defender scenarios with a "red team" attacking and a "blue team" defending. The defenders, namely threat hunters, system administrators, and programmers, proactively manage information systems, remediate vulnerabilities, gather cyber threat intelligence, and harden their operating systems, code, connected devices, and networks. Blue teams may include all information and physical security personnel employed by the organization. [9] Physical security may be tested for weaknesses, and all employees may be the target of social engineering attacks and IT security audits. Digital and physical systems may be audited with varying degrees of knowledge of the relevant systems, to simulate realistic conditions both for attackers and for employees, who are frequently trained in security practices and measures. In full-knowledge test scenarios, known as white box tests, the attacking party knows all available information regarding the client's systems. In black box tests, the attacking party is provided with no information regarding the client's systems. Gray box tests provide limited information to the attacking party.

Cybersecurity researcher Jeffrey Carr compares cyber self-defense to martial arts, since one's computer and network attack surface can be shrunk to reduce the risk of exploitation. [10]

Measures

Authentication

Anti-social engineering measures

Preventative software measures

Network and information security measures

Reporting breaches and incidents

"Hacking back"

Legal theorists and policy makers are increasingly considering authorizing the private sector to take active measures by "hacking back" (also known as hackbacks). [20] [21] In contrast to active attack measures, passive defense measures present a reduced risk of cyberwarfare, legal, political, and economic fallout.

A contemporary topic in debate and research is the question of 'when does a cyber-attack, or the threat thereof, give rise to a right of self-defense?' [22]

In March 2017, Tom Graves proposed the Active Cyber Defense Certainty Act (ACDC) that would enhance the Computer Fraud and Abuse Act (CFAA) to allow individuals and the private sector to use certain tools currently restricted under the CFAA to identify attackers and prevent attacks by hacking them. [20] [23] [24] This presents a "chicken or the egg" problem, wherein if everyone were allowed to hack anyone, then everyone would hack everyone and only the most skilled and resourced would remain.
Brad Maryman warns of unintended consequences, stating that in his view "the notion that we should legislate and accept a level of undocumented and unmonitored cyber actions by anyone who thinks they have been hacked is unfathomable". [24]

References

  1. Whitehouse, Sheldon; Mikulski, Barbara; Snowe, Olympia. "Cyber self-defense can help U.S. security - CNN.com". CNN. Retrieved April 13, 2017.
  2. Freedberg, Sydney J. Jr. (June 17, 2015). "Adm. Zukunft Unveils New Coast Guard Cyber Strategy". Breaking Defense. Retrieved April 13, 2017.
  3. "Qatari tech helps Hamas in tunnels, rockets: Expert". The Times of Israel. Retrieved April 13, 2017.
  4. Rella, Christoph. "Neutrales Österreich setzt auf "Cyber"-Selbstverteidigung - Wiener Zeitung Online" (in German). Wiener Zeitung Online. Retrieved April 13, 2017.
  5. "Cyberattacks could trigger self-defense rule, U.S. official says". Washington Post. Retrieved April 13, 2017.
  6. Greenberg, Ivan (May 31, 2012). Surveillance in America: Critical Analysis of the FBI, 1920 to the Present. Lexington Books. ISBN 9780739172483. Retrieved April 13, 2017.
  7. Ziccardi, Giovanni (September 29, 2012). Resistance, Liberation Technology and Human Rights in the Digital Age. Springer Science & Business Media. ISBN 9789400752757. Retrieved April 13, 2017.
  8. "EFF Relaunches Surveillance Self-Defense". Electronic Frontier Foundation. October 23, 2014. Retrieved April 13, 2017.
  9. Miessler, Daniel. "The Difference Between Red, Blue, and Purple Teams". Retrieved May 7, 2019.
  10. "Cyber Self Defense For Non-Geeks". jeffreycarr.blogspot.de. Retrieved April 13, 2017.
  11. Thornton, Michael (February 16, 2017). "You Can't Depend on Antivirus Software Anymore". Slate. Retrieved April 13, 2017.
  12. Firewall, The. "Cyber Self Defense: Reduce Your Attack Surface". Forbes. Retrieved April 13, 2017.
  13. Conn, Richard (March 15, 2016). "Cybersecurity Expert Gives Tips To Stay Safe Online". Retrieved April 13, 2017.
  14. Moore, Alexis; Edwards, Laurie (2014). Cyber Self-Defense: Expert Advice to Avoid Online Predators, Identity Theft, and Cyberbullying. Rowman & Littlefield. ISBN 9781493015429.
  15. Seay, Gary. "4 Keys to Cyber Security Self-Defense". Retrieved April 13, 2017.
  16. Barrett, Brian. "Flash. Must. Die". WIRED. Retrieved April 13, 2017.
  17. Whittaker, Zack. "13 new vulnerabilities? You should disable or uninstall Adobe Flash | ZDNet". ZDNet. Retrieved April 13, 2017.
  18. Stoner, Daniel. "Hackers Love IoT Products: Here's How to Keep Them Out". Safety Detective. Retrieved November 22, 2018.
  19. Tiwari, Mohit (April 2017). "INTRUSION DETECTION SYSTEM". International Journal of Technical Research and Applications 5(2):2320-8163. Retrieved April 22, 2019.
  20. Chesney, Robert (May 29, 2013). "International Law and Private Actor Active Cyber Defensive Measures". Lawfare. Retrieved April 13, 2017.
  21. Brown, Megan L. (September 6, 2018). "Authorizing Private Hackback Would Be a Wild West for Cybersecurity". Law.com. Retrieved September 7, 2018.
  22. Waxman, Matthew C. (March 19, 2013). "Self-Defensive Force Against Cyber Attacks: Legal, Strategic and Political Dimensions". International Law Studies. 89. SSRN 2235838.
  23. Hawkins, Garrett. "Rep. Tom Graves Proposes Cyber Self Defense Bill". www.thedallasnewera.com. Retrieved April 13, 2017.
  24. "'Self-Defense' Bill Would Allow Victims to Hack Back". Retrieved April 13, 2017.