Compromised Mindset: Assume You Have Unwanted Guests, Now What?

If you ever find it difficult to convey just how bad the threat landscape is today, remember this: for every organisation, it’s not a question of if. It’s a question of when. For proof, just look at the statistics.

In 2022, 39% of UK businesses said they had experienced a cyber attack. Of these, about half said they were hit with sophisticated threats like ransomware, and 31% said they were attacked at least once a week. 

Cybercriminals are becoming more persistent and effective. With the rise of cybercrime-as-a-service, even novice hackers can launch sophisticated attacks that can take down not only SMBs but also enterprises. 

Which makes us wonder about the above statistic. If about 4 in 10 businesses were attacked this year, does that mean 6 in 10 were not? Or does it simply mean that threat actors were able to evade detection? 

The latter assumption is more likely. According to the “Cost of a Data Breach” report by IBM, it takes an average of 207 days to detect a breach. If a cybercriminal just snoops around a network (likely leaving a backdoor behind for future hacks) and/or steals data, the victim may never know. 

Many organisations are unaware they have been hacked until a threat actor performs a deliberately malicious action, like locking down critical assets or leaving a ransom note saying they have exfiltrated sensitive data.

All this means that most organisations are underprepared when it comes to identifying breaches, and is why we are hosting a webinar on the “compromised mindset” mentality.

Sign up for our webinar, which will take place on the 8th December 2022 at 11am BST and features speakers including Dave Atkinson, Founder & CEO of SenseOn.

What Is a “Compromised Mindset” and Why Is It Important?

“Compromised mindset” is a cybersecurity strategy that works by assuming your organisation is either already breached or will be breached, and taking necessary actions. 

Although “compromised mindset” is not new, it is becoming increasingly important. Cybercrime has exploded to the point where finding a business that has never been impacted by a hack is more of a challenge than finding one that has suffered a cyberattack. 

Here are just some reasons why embracing the “compromised mindset” is now essential: 

• Initial access brokers have built their business models around quietly infiltrating corporate networks and then selling access to them on the dark web. In Q3 2022, analysts at the cybersecurity company KELA recorded 100+ threat actors selling access to 576 corporate networks.
• Cybercriminals are actively reaching out to employees and asking for assistance in launching ransomware attacks in return for a profit. Unfortunately, these kinds of insider threats are particularly difficult to spot. Insider threats can also be accidental, like an employee clicking on a phishing email. 
• Living off the land attacks, where hackers use an organisation’s own resources against it so as not to flag security controls and security operations centres, were one of the biggest threats facing businesses last year. 

From the Japanese electronics manufacturer Panasonic to the Australian government-owned water supplier Sunwater, there is no shortage of real-world cases where organisations had no idea they were breached until a threat actor decided to make their presence in their networks known. 

If some of the biggest companies in the world (and critical government agencies) can miss signs of a security incident, so can every other organisation. Yet almost half of all organisations surveyed by ESG and Illumio do not believe they will be breached. 

Adopting the “compromised mindset” mentality guarantees that you will never be taken by surprise because you know that your corporate network is not impenetrable and that, sooner or later, threat actors will find their way in—if they haven’t already. 

In the event of a breach, how quickly a business can mitigate and recover from a cyber incident matters. The shorter the data breach life cycle, the smaller the data breach costs. Yet another reason to make the “compromised mindset” part of your defence strategy. 

What Does “Compromised Mindset” Security Involve? 

A “compromised mindset” can help organisations detect and remediate intrusions as they happen in real-time, minimising the risk of total compromise and drastically reducing costs of remediation. 

“Compromised mindset” security is made up of three parts: 

1. Prevention. “Compromised mindset” does not mean waiting for a breach to happen. Companies can and should take steps to prevent cyber attacks. A good place to start is using MITRE ATT&CK to gain what is known as the “defender’s advantage”. 

2. Detection. Companies need tools and techniques in place that can help them identify when a breach has happened. This can include activity monitoring, antivirus, intrusion detection systems (IDS), endpoint detection and response (EDR), and security information and event management (SIEM), among others. The key here is having good visibility into every part of your digital infrastructure, not just endpoints, and not relying on indicators of compromise. 

3. Response. When a breach is detected, organisations need to have a clear plan on how they will respond to the intrusion (i.e., incident response). For example, identifying systems under attack, isolating infected devices, etc. Many organisations that implement a “compromised mindset” use security automation tools that have the capabilities to prioritise alerts, map events to the MITRE ATT&CK framework, and respond to time-sensitive cyber threats such as ransomware automatically.

Avoid Tool Over-investment

Organisations sometimes falsely believe that the more security tools they have, the better they will be equipped to identify and remediate attacks and therefore embrace the “compromised mindset”. 

In reality, a larger tool stack does not correlate with improved threat detection. Research has shown that having more tools can actually harm a company’s security posture. 

This is down to alert fatigue. Most organisations do not have enough resources to investigate every alert their security platforms issue, which can result in overwhelmed IT teams ignoring alerts and real security incidents going unnoticed. 

Rather than buying multiple security solutions available on the market and expanding their cyber tech stacks, companies should purchase tools and softwares, such as that of SenseOn’s, that provide visibility to multiple areas of the digital estate. According to Gartner, these are “the future.” 

Learn How to Implement a Compromised Mindset Into Your Cyber Techstack 

A “compromised mindset” sometimes gets a bad rep because it is seen as overly pessimistic. However, if our experience in this industry has taught us anything, it is that determined actors will always find a way in. 

Whether it’s a zero-day vulnerability, a careless third-party, or a tired employee that is tricked into downloading malware via a convincing spear-phishing text, there are too many attack vectors for modern organisations to lock down, and too many for cybercriminals to exploit. 

That’s not to say that companies should ignore preventative controls. Security techniques and tools that focus on stopping intrusions from happening in the first place are important. But they will not stop cybercriminals from breaching corporate networks. 

To learn more about how organisations can adopt the compromised mindset, tune into our webinar on the 8th December 2022 at 11am BST. During it, SenseOn will discuss how to train organisations to identity compromise, why more tools can lead to more attacks, and how security teams can increase the speed with which they detect cyber breaches. Sign up for the webinar today.

To try out SenseOn for yourself, sign up for our free demo here.