
It is not just infrastructure that is under attack, but also sporting and cultural events, especially the most followed ones, which cybercriminals target because of their global resonance. In 2022 numerous events will require particular attention to cyber defenses given their visibility: examples include the Tour de France, the European swimming championships scheduled in Rome and the women’s soccer championships in England, up to the FIFA World Cup.

According to Mandiant, to ensure the smooth running of these events and protect them from possible cyber sabotage, it is necessary to adopt a strategy based on three phases:

  • Understanding the environment: preparing, strengthening and exercising;
  • Anticipating threats: testing, monitoring and defending;
  • Surviving attacks: responding, containing and remedying.

Phase 1: understand the environment

The first step is to obtain a deep knowledge of the environment to be defended, including the people involved, in order to evaluate their competence and their ability to respond. Not only that: according to Mandiant it is also essential to understand which actors could be interested in hitting the event, so as to prepare adequate countermeasures, while also coordinating with national security agencies and monitoring the web and social networks for any disinformation or sabotage campaigns.

In addition to people, it is necessary to verify the infrastructure: implementing threat detection technologies on all endpoints, creating a series of alerts that notify experts of potential dangers, and setting up platforms for monitoring and managing these alerts.

“When it comes to making the infrastructure stronger, it is necessary to conduct compromise assessments and validate controls to verify the security and integrity of the environment and the key data to be protected,” explains Stuart McKenzie, Senior VP Mandiant Consulting. “Think about what the different access routes to the environment may be and make sure you regularly register and scan all the network resources facing outwards. In a time of chaos you don’t want to have to think about who to involve, so it’s important to make sure you have designated a crisis response team and have the right organizational, executive and communication support. The suggestion is to conduct a tabletop exercise to make sure all parties involved understand their roles and responsibilities during an incident and to test backup procedures to ensure that critical data can be restored quickly and that critical business functions can remain available.”

Phase 2: anticipate the threats

Once the event has kicked off, it is important for experts to focus on monitoring critical assets and validating security controls, also by carrying out penetration tests, which are useful both for verifying that the countermeasures implemented work correctly and for preparing the people involved and ensuring a rapid incident response.

“Attention must be paid to the protection of critical assets: what are your crown jewels and what could be the objectives of an opponent?” McKenzie continues. “Protect specific high-value infrastructures and network architecture to limit or eliminate access to critical systems by adversaries, making sure you have offline backups to use when needed.”

Phase 3: survive the attacks

A cyber attack against large-scale events and demonstrations has a huge media impact, and for this reason it is necessary to have action plans for responding to attacks not only from a technical point of view, but also from a communication point of view. “Effective response to incidents and violations goes beyond technical investigation, containment and recovery and includes executive communication and crisis management, such as legal, regulatory and public relations considerations,” McKenzie points out. “To this end, it is necessary to take the potential opponent’s view of the situation. Preparing for an incident from one point of view, without resorting to real-world experience and known threat data, only solves half the equation.”
