What are countermeasures in cyber security?
Cybersecurity Countermeasures: Tools for Risk Management

A discussion of the Law of Diminishing Returns and cybersecurity investment.

The Cybersecurity Price Quandary

A reasonably good anti-virus product with a bundled firewall can be acquired for less than a dollar per month. Some companies pay ten to a hundred times that for an advanced endpoint detection product or a managed detection service. Larger companies frequently spend hundreds of thousands of dollars, sometimes millions, to create a security operations center (SOC). Why is there such a huge disparity in cost if none of them, alone, protects a company against all threats?

A Lesson from Natural Disasters

The same considerations apply when taking precautions against natural disasters. Countermeasures work only against specific threats. When a hurricane is bearing down on a coastal town, boarding up the windows might be an effective measure against a normal seasonal storm, but it will have a limited effect against a Category 5 hurricane. Likewise, you'd invest more in earthquake-proofing a building if it were built on the San Andreas Fault than if it were built on the flat, fault-free Canadian prairies. The same goes for cybersecurity: it's important to develop a risk management framework that reflects the level of cyber protection your business needs.

3 Steps to Cyber Risk Management

There are numerous frameworks for cyber risk management, and they all boil down to the following 3 steps:
Evaluating Risk

To evaluate remaining risk, calculate the expected value (EV) of possible threat scenarios. Risk is generally expressed as:
You'd also use this equation to calculate the odds of winning the lottery or playing casino games. However, if the roulette wheel lands on "SQL injection exploit in your web applications", you lose big instead of winning a lot of money.

Enterprise Risk Tolerance

Based on the business's tolerance for risk, there will be a threshold at which risk is acceptable and thresholds at which the risk is unacceptable. For example, a bank may extend a mortgage to someone with a sizeable amount of money in the bank and a stable income without batting an eye. However, the bank will not lend the same money to an itinerant person who depends on returning aluminum cans for their income. In both cases, neither person is zero-risk: either customer could default on their loan. For the first person, the risk sits within an acceptable threshold. For the second person, the risk sits outside the acceptable threshold. These risk thresholds are usually represented through a grid, as seen in Figure 1. Events that happen very rarely (low probability) and cause little financial or operational harm (low impact) are considered acceptable. Events that happen frequently (high probability) and threaten the survival of the company (high impact) are unacceptable risk, as represented by the color coding on the chart. Situations in the middle get a bit murkier and usually vary with the culture of the company. Taking on more risk typically comes with more rewards.

Applying a Countermeasure

By applying a countermeasure, risk previously deemed too high can be reduced. Consider the scenario where your business relies on a web service that is affected by a new vulnerability. An unauthenticated remote code execution vulnerability was made public in hacker circles and is currently being exploited in the wild. You would have a fairly high chance of suffering an attack because your web services are exposed. Now that the vulnerability is public, anyone could abuse it.
Triggering the vulnerability would allow an attacker to take control of your server and access all of your client data. This breach could destroy your business. However, the vendor came out with a patch that fixes the hole and changes the web service architecture: the vulnerable section of code no longer runs with high privileges. If you apply the new patch, hackers will no longer be able to gain control of your machine (unless they develop a 0-day attack, which is much less likely; even if someone manages to trigger a similar vulnerability, the impact will be less severe). This change in risk is illustrated in Figure 2. In this example, we can see that the residual risk (the risk that persists after the countermeasure has been applied) is now within the acceptable zone. Unfortunately, the type of one-stop solution described above is rarely available, so we use layered countermeasures.

Relying on Layered Countermeasures

Figure 3 returns to the example of the web server and shows the application of successive mitigations. In this instance, the first fix applies a web-application firewall in an attempt to prevent an attacker from triggering the vulnerability. The risk is still unacceptable. In response, the server is moved to a sandbox or chroot jail to limit the impact if the vulnerability is triggered. We'll touch on this concept of "defense-in-depth" in future installments of this blog.

The Law of Diminishing Returns and Cybersecurity Investments

The price of security services and products is not directly linked to the value of the return on risk. The first countermeasure greatly reduces the risk of a breach. Broadly applicable commodity products, like firewalls and AV, detect widespread threats very inexpensively, but these basic tools don't detect threats like living-off-the-land malware or previously unknown binaries. The remaining risks are more exotic and less likely, but they could still significantly impact or even destroy your business.
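The risk evaluation, tolerance grid, layered countermeasures and diminishing-returns argument above, worked through in code. This is an added example, not CYDEF's tool or code; it assumes risk = probability x impact (the usual expected-value form, since the page's own equation is not reproduced here), and the grid thresholds, costs and reduction factors are constructed values, not vendor figures.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Scenario:
    """One threat scenario: yearly chance it occurs and the loss if it does."""
    name: str
    probability: float  # chance per year, 0.0 to 1.0
    impact: float       # loss in dollars if the scenario occurs

@dataclass(frozen=True)
class Countermeasure:
    """A layer that scales the scenario's probability and/or impact for a yearly cost."""
    name: str
    annual_cost: float
    probability_factor: float = 1.0  # 0.6 means 40% fewer successful triggers
    impact_factor: float = 1.0       # 0.1 means 90% less damage when triggered

def expected_loss(s: Scenario) -> float:
    """Risk as expected value: probability x impact (assumed form of the page's risk equation)."""
    return s.probability * s.impact

def tolerance_zone(s: Scenario, p_high=0.5, i_high=500_000, p_low=0.05, i_low=250_000) -> str:
    """Figure 1 style grid with assumed thresholds: the corners are clear, the middle needs judgement."""
    if s.probability >= p_high and s.impact >= i_high:
        return "unacceptable"
    if s.probability <= p_low and s.impact <= i_low:
        return "acceptable"
    return "review"

def apply_countermeasure(s: Scenario, c: Countermeasure) -> Scenario:
    return Scenario(s.name, s.probability * c.probability_factor, s.impact * c.impact_factor)

def layered_plan(s: Scenario, layers: list) -> list:
    """Apply layers in order; record residual risk, its zone, and cost per dollar of risk removed."""
    rows, current = [], s
    for c in layers:
        before = expected_loss(current)
        current = apply_countermeasure(current, c)
        removed = before - expected_loss(current)
        rows.append({"layer": c.name, "residual": expected_loss(current), "zone": tolerance_zone(current),
                     "cost_per_dollar_removed": c.annual_cost / removed if removed else float("inf")})
    return rows

# Constructed scenario from the page's example: an exposed web service with a public RCE bug.
RCE = Scenario("unauthenticated RCE on exposed web service", probability=0.9, impact=2_000_000)
LAYERS = [  # constructed costs and factors, not vendor figures
    Countermeasure("web application firewall", 5_000, probability_factor=0.6),
    Countermeasure("sandbox / chroot jail", 15_000, impact_factor=0.1),
    Countermeasure("managed detection and response", 60_000, probability_factor=0.05),
]

if __name__ == "__main__":
    print(f"initial: {expected_loss(RCE):>12,.0f}  {tolerance_zone(RCE)}")
    for r in layered_plan(RCE, LAYERS):
        print(f"{r['layer']:<32} residual {r['residual']:>10,.0f}  {r['zone']:<12} "
              f"cost per $ removed {r['cost_per_dollar_removed']:.3f}")
```

Each successive layer removes less risk per dollar spent, which is the diminishing-returns curve the text describes; the WAF alone leaves the scenario in the unacceptable corner, and only the later, costlier layers move it into the acceptable zone.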
The cost to address these exotic risks is generally higher. Countering the stealth techniques used by attackers requires more effort and know-how. This can create a barrier to entry for small and medium businesses (SMBs). These businesses may not have the resources (financial or human) to acquire and operate the high-end countermeasures. That means residual risk is left exposed, placing SMBs in an unacceptable risk position. All of this is part of why we, at CYDEF, think everyone should feel safe doing business online. We work hard to deliver enterprise-grade security at a cost SMBs can afford. To learn more about our endpoint detection and response solutions, or our managed detection options, get in touch.