6 Internal attacks

 

This chapter covers:

  • Understanding how attackers use multiple techniques at the same time to further attack a target.
  • Developing security strategies to address insider threats – malignant attackers who are already inside our organization.
  • Learning why “defense in depth” is different from the traditional “perimeter security” approach, and why the defense in depth approach is more successful at dealing with today’s complex, multi-layer attacks.
  • Learning and implementing strategies to limit the damage from an initial breach – and making it easier to spot the attackers.

Expanding on the technical hacks and social engineering we discussed in chapters 4 and 5, this chapter looks at the next stage: what hackers do once they have broken their way inside your organization. We’ll also look at another common attack route – insider threats.

6.1 What happens after they get in?

Back in chapter 2, we looked at the fundamental building blocks of any security strategy:

  • What assets do we have?
  • Who would want to attack them?
  • What defenses do we already have?

Figure 6.1 Three Factors of Cyber Security. These three questions – and their answers – are the cornerstone of any successful Cyber Security Strategy.

6.2 Gaining more control: Privilege escalation

6.3 Data Theft

6.3.1 Advanced Persistent Threat

6.3.2 Making money from stolen financial details

6.3.3 Making money from ID theft

6.4 Insider Threats

6.5 “Blast Radius”: Limiting the damage

6.5.1 AI, machine learning, behavioral analysis, and snake oil

6.6 Building your castle: Defense in depth

6.6.1 Perimeter security: build a wall

6.6.2 Zero Trust: the attackers are everywhere

6.7 Summary
