In our joint report with Tidal Cyber, “How Will Adversaries Attack Us and What Defenses Should We Prioritize?”, we explore the dynamic world of cyber threats and defenses through the lens of the MITRE ATT&CK® framework.
This comprehensive study, grounded in a multi-source analysis of 22 reports, aims to arm organizations with a nuanced, threat-informed defense strategy.
Key Insights and Variances in Threat Reporting
Our findings highlight significant variation in which ATT&CK techniques and sub-techniques different sources report, underscoring the importance of a diversified intelligence strategy for understanding the cyber threat landscape. Notably, many ATT&CK techniques go unreported in any single source, while data from managed service and incident response providers offer a wider view, revealing prevalent attack methods including Valid Accounts (T1078) and Exploit Public-Facing Application (T1190).
Challenges and Insights in Leveraging ATT&CK
The report also addresses the challenges security professionals face in keeping up with ATT&CK framework updates and the ambiguity in linking tactics with specific techniques (a single technique such as Valid Accounts can sit under several tactics, so a technique count alone does not tell you which stage of an intrusion it reflects). It provides actionable insights for organizations to adopt a multi-dimensional intelligence approach, emphasizing continuous education and the utility of training sessions and threat simulation exercises.
Identifying Gaps in Reporting
A notable finding from our analysis is the sparse reporting on attack techniques across different segments, such as mobile platforms, organization sizes, and regions. This gap presents a critical opportunity for future research, aiming to enrich cyber threat intelligence and make it more actionable for a diverse array of organizational contexts.
The Path Forward
This collaboration between the Cyentia Institute and Tidal Cyber spotlights the crucial need for organizations to embrace a comprehensive, threat-informed cybersecurity approach. By leveraging varied insights and prioritizing defenses based on prevalent and impactful threats, organizations can strengthen their cybersecurity posture. The report encourages a broader scope in future analyses, including segmented research, to enhance the applicability and relevance of cyber threat intelligence.
Enhancing the report’s foundation, we propose a nuanced perspective that enables organizations to craft a well-rounded, threat-informed defense posture, underpinned by the detailed exploration of cyber threats and defense strategies facilitated by the MITRE ATT&CK® framework.
Multi-Source Analysis Reveals Varied Threat Landscape
The strength of the report’s insights lies in its thorough multi-source analysis, which illuminates the intricate and varied nature of the cyber threat environment. This analysis not only identifies critical areas needing defense focus but also offers a clear path for organizations to bolster their security efforts through real-world examples and mitigation strategies.
Challenges and Insights in Leveraging ATT&CK
Further, the report delves into the operational challenges of keeping pace with ATT&CK updates and the complexities of accurately mapping tactics to techniques. It suggests a holistic approach for organizations to capture the full threat spectrum, advocating for ongoing adaptation and learning to enhance defense capabilities.
The Dearth of Reporting by Segment
Our findings also spotlight the lack of detailed attack technique reporting across different industry segments, identifying a pivotal area for future research. Addressing this deficiency could significantly improve the precision and actionability of cyber threat intelligence for organizations across varied sectors.
By highlighting these elements and proposing a roadmap for integrating threat-informed defense strategies, this report not only serves as a critical resource for navigating the cyber threat landscape but also fosters collaboration within the cybersecurity community. Engaging with entities like us can amplify efforts towards creating a more secure and resilient digital ecosystem.
Empowering Threat-Informed Defense
Reflecting on the importance of a threat-informed defense, Tidal Cyber’s contributions to the report illustrate how the Tidal platform can operationalize the study’s insights. By refining the priority weightings for ATT&CK tactics, techniques, and sub-techniques, Tidal Cyber enables organizations to tailor their defense strategies to the most pertinent threats, enhancing cybersecurity measures significantly. The platform’s approach, leveraging both Community and Enterprise Editions, empowers organizations with varying levels of resources to engage in continuous threat-informed defense. This methodology is designed to swiftly pinpoint active adversary maneuvers, allowing teams to tackle emerging threats decisively. With features such as user-created technique sets and matrices, integration with defensive solutions (e.g., XDR, EDR, SIEM), and prioritized remediation recommendations, Tidal Cyber’s platform makes a threat-informed defense achievable and practical. By making it easy for organizations to pinpoint relevant cyber threats, see how their current stack of security solutions addresses them, and identify any security gaps, Tidal Cyber significantly improves organizational defense postures.
Towards a Comprehensive Cyber Defense Strategy
The collaboration with Tidal Cyber has yielded a report that not only maps the cyber threat landscape but also bridges the crucial gap between understanding these threats and implementing effective defenses. By highlighting the most frequently reported techniques and advocating for an expanded scope in future reports to include segmented analysis, the study significantly enhances the relevance of cyber threat intelligence.
Assessment & Benchmarking
Start with a comprehensive assessment of your current cybersecurity posture against the ATT&CK framework: map the detections and mitigations you already have to the techniques they address, so that gaps and areas of strength become visible per technique and per tactic. Benchmarking against industry standards and peers can provide a baseline for improvement.
Prioritization of Threats
Utilize the insights from the Cyentia and Tidal Cyber report to prioritize threats that are most relevant to your organization. Consider factors such as your industry, size, and geographic location to tailor this prioritization.
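As an added illustration of the assessment and prioritization steps above (and of the multi-source variance the report describes), the following Python script is example code written for this page; it is not the report’s methodology or Tidal Cyber’s platform logic. The report sources, the technique sets each one mentions, and the defensive coverage map are all constructed sample data, not figures from the 22 reports in the study. The technique-to-tactic mapping for the eight techniques shown follows ATT&CK Enterprise; Valid Accounts (T1078) deliberately appears under four tactics to show why a technique count alone does not resolve the tactic ambiguity noted earlier.

```python
from collections import Counter, defaultdict

# Constructed sample data for illustration only: which ATT&CK techniques each
# (fictional) report source mentioned. These are NOT the 22 reports behind the
# Cyentia/Tidal study, just a small stand-in to run the analysis on.
REPORTS = {
    "vendor_threat_report_A": {"T1566", "T1059", "T1486", "T1105"},
    "vendor_threat_report_B": {"T1566", "T1059", "T1003", "T1021"},
    "msp_telemetry_C":        {"T1078", "T1190", "T1059", "T1021", "T1003"},
    "ir_retainer_D":          {"T1078", "T1190", "T1486", "T1003", "T1021"},
    "govt_advisory_E":        {"T1190", "T1566", "T1105"},
}

# Technique -> tactics, per ATT&CK Enterprise. One technique can sit under
# several tactics, which is the tactic/technique ambiguity the report notes.
TACTICS = {
    "T1078": ("Initial Access", "Persistence", "Privilege Escalation", "Defense Evasion"),
    "T1190": ("Initial Access",),
    "T1566": ("Initial Access",),
    "T1059": ("Execution",),
    "T1003": ("Credential Access",),
    "T1021": ("Lateral Movement",),
    "T1105": ("Command and Control",),
    "T1486": ("Impact",),
}

# Constructed coverage map: techniques our hypothetical control stack already
# detects or mitigates. In practice this comes from your own detection inventory.
COVERAGE = {"T1566", "T1059", "T1105", "T1486"}


def technique_prevalence(reports):
    """Count, per technique, how many distinct sources reported it."""
    counts = Counter()
    for techniques in reports.values():
        counts.update(techniques)
    return counts


def single_source_blind_spots(reports):
    """For each source, the techniques it would miss on its own:
    everything any source reported minus what this source reported."""
    union = set().union(*reports.values())
    return {name: union - seen for name, seen in reports.items()}


def prioritize(reports, coverage, weights=None):
    """Rank techniques by (optionally source-weighted) prevalence and flag
    whether each is covered. `weights` maps source name -> multiplier, e.g.
    to up-weight IR/MSP telemetry that is closer to your sector or size.
    Returns [(technique, score, covered)] sorted by score desc, then id."""
    weights = weights or {}
    score = defaultdict(float)
    for name, techniques in reports.items():
        w = weights.get(name, 1.0)
        for t in techniques:
            score[t] += w
    ranked = sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(t, s, t in coverage) for t, s in ranked]


def tactic_gaps(ranked, tactics):
    """Group uncovered techniques by tactic, keeping priority order. A
    multi-tactic technique is listed under every tactic it belongs to."""
    gaps = defaultdict(list)
    for t, _, covered in ranked:
        if not covered:
            for tactic in tactics.get(t, ("Unmapped",)):
                gaps[tactic].append(t)
    return dict(gaps)


if __name__ == "__main__":
    prev = technique_prevalence(REPORTS)
    for t, n in prev.most_common():
        print(f"{t}: reported by {n}/{len(REPORTS)} sources")
    for src, missed in single_source_blind_spots(REPORTS).items():
        print(f"{src} alone would miss {sorted(missed)}")
    # Up-weight the MSP and IR sources, as the report suggests they see more.
    ranked = prioritize(REPORTS, COVERAGE,
                        weights={"msp_telemetry_C": 2.0, "ir_retainer_D": 2.0})
    for t, s, covered in ranked:
        print(f"{t} score={s:.1f} {'covered' if covered else 'GAP'}")
    print(tactic_gaps(ranked, TACTICS))
```

With the constructed data, every single source misses at least three of the eight techniques, which is the multi-source point in miniature; the weighted ranking then surfaces credential dumping, remote services, and public-facing exploitation as the top uncovered techniques, and the tactic grouping shows T1078 opening gaps in four tactics at once. Swap in your own report list, weights for your industry and size, and your real coverage inventory to turn this into the assessment described above.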
Strategy Development
Develop a threat-informed defense strategy that aligns with your organization’s risk appetite and security objectives. This strategy should include both preventative measures and responsive plans to address identified threats.
Integration of Tools & Processes
Leverage tools and resources like “How Will Adversaries Attack Us and What Defenses Should We Prioritize?” and the Tidal Cyber platform to integrate threat intelligence into your security operations. Ensure that your security tools and processes are aligned with the threat-informed defense strategy.
Continuous Learning & Adaptation
Cyber threats are constantly evolving, necessitating ongoing education and adaptation. Engage in continuous learning through training, simulations, and exercises to keep your defense team updated on the latest threats and defense tactics. Additionally, by participating in our sponsorship opportunities you directly help put valuable information in the hands of cybersecurity leaders and teams so they can better assess and manage risk.
Collaboration & Information Sharing
Foster collaboration within the cybersecurity community by engaging with organizations like us! Participate in information-sharing platforms and initiatives to gain and contribute insights on emerging threats and best practices. We are actively involved in the vibrant LinkedIn Cybersecurity community; follow us to see more of our social promotion. If you’re looking to have larger, more impactful representation in the community, we’d love to hear from you directly. Which leads us to the next point.
Advocacy & Leadership
Become a cybersecurity advocate within your industry by sharing your experiences and lessons learned. Leadership in cybersecurity can help elevate the overall resilience of the digital ecosystem. Your participation and leadership are key elements in advancing the industry, and together we can create a safer digital future.
By following this mini roadmap, organizations can implement threat-informed defense strategies that are dynamic, tailored, and responsive to the evolving cyber threat landscape. Collaboration can further enhance these efforts, contributing to a more secure and resilient digital ecosystem for all stakeholders. To gain deeper insights into developing a robust cybersecurity posture and to learn more about the specific threats and defenses applicable to your organization, we encourage you to download the full report, “How Will Adversaries Attack Us and What Defenses Should We Prioritize?”.