6 Internal attacks

 

This chapter covers

  • Understanding how attackers use multiple techniques at the same time
  • Developing security strategies to address insider threats
  • Learning why “defense in depth” is different from the traditional “perimeter security” approach
  • Learning and implementing strategies to limit the damage from an initial breach and make it easier to spot the attackers

Expanding on the technical hacks and social engineering we discussed in chapters 4 and 5, this chapter looks at the next stage: what hackers do once they have broken their way inside your organization. We’ll also look at another common attack route: insider threats.

6.1 What happens after they get in?

Back in chapter 2, we looked at the fundamental building blocks of any security strategy (figure 6.1):

  • What assets do we have?
  • Who would want to attack them?
  • What defenses do we already have?
Figure 6.1 Three factors of cybersecurity. These three questions—and their answers—are the cornerstone of any successful cybersecurity strategy.

Understanding what assets we have and want to protect is key to understanding how attackers will behave once they’ve got a foothold in our organization. Knowing who wants to attack us—where the risk comes from—also gives us further insight into how an attack develops. For attackers who want to deface a website (by uploading their own images or slogans to replace valid content), the initial hack is normally all that’s required for them to upload their defacement and move on.

6.2 Gaining more control: Privilege escalation

6.3 Data theft

6.3.1 Advanced persistent threat

6.3.2 Making money from stolen financial details

6.3.3 Making money from ID theft

6.4 Insider threats

6.5 “Blast radius”: Limiting the damage

6.5.1 AI, machine learning, behavioral analysis, and snake oil
