Cyber self-defense

In cybersecurity, cyber self-defense refers to self-defense against cyberattack.[1] While it generally emphasizes active cybersecurity measures by computer users themselves, cyber self-defense is sometimes used to refer to the self-defense of organizations as a whole,[2] such as corporate entities or entire nations.[3][4][5] Surveillance self-defense[6][7][8] is a variant of cyber self-defense and largely overlaps with it. Active and passive cybersecurity measures provide defenders with higher levels of cybersecurity, intrusion detection, incident handling and remediation capabilities. Various sectors and organizations are legally obligated to adhere to cyber security standards.

Background

Organizations may conduct a penetration test via internal team or hire a third-party organization to audit the organization's systems. Larger organizations may conduct internal attacker-defender scenarios with a "red team" attacking and a "blue team" defending. The defenders, namely threat hunters, system administrators, and programmers, proactively manage information systems, remediate vulnerabilities, gather cyber threat intelligence, and harden their operating systems, code, connected devices, and networks. Blue teams may include all information and physical security personnel employed by the organization.[9] Physical security may be tested for weaknesses, and all employees may be the target of social engineering attacks and IT security audits. Digital and physical systems may be audited with varying degrees of knowledge of relevant systems to simulate realistic conditions for attackers and for employees, who are frequently trained in security practices and measures. In full-knowledge test scenarios, known as white box tests, the attacking party knows all available information regarding the client's systems. In black box tests, the attacking party is provided with no information regarding the client's systems. Gray box tests provide limited information to the attacking party.

Cybersecurity researcher Jeffrey Carr compares cyber self-defense to martial arts as one's computer and network attack surface may be shrunk to reduce the risk of exploitation.[10]

Measures

Authentication

  • Enable Multi-factor authentication.[11]
  • Minimize authentication risk by limiting the number of people who know one's three common authentication factors, such as "something you are, something you know, or something you have." Unique information is characterized as possessing a particular degree of usefulness to a threat actor in gaining unauthorized access to a person's information.
  • Reduce one's social media footprint[12][13] to mitigate risk profile.
  • Regularly check one's social media security and privacy settings.[13]
  • Create strong and unique passwords for each user account[11][10] and change passwords frequently and after any security incident.
  • Use a password manager to avoid storing passwords in physical form. This incurs a greater software risk profile due to potential vulnerabilities in the password management software, but mitigates the risk of breaches if one's password list were stolen or lost and in the case keyloggers were present on machine.
  • Pay attention to what information one might accidentally reveal in online posts.[13]
  • Regularly check one's social media security and privacy settings.[13]
  • Change default passwords to programs and services to prevent default credential vulnerability exploitation techniques.
  • Appropriately use password brute force attack prevention software such as Fail2ban or an effective equivalent.
  • Never give out logins or passwords to anyone unless absolutely necessary and if so, change them immediately thereafter.[14]
  • Use security questions and answers that are impossible for anybody else to answer even if they have access to one's social media posts or engage in social engineering.[14]

Anti-Social Engineering Measures

  • Do not plug in found external storage devices, such as external hard drives, USB flash drives, and other digital media.
  • Beware of social engineering techniques and the six key principles, reciprocity, commitment and consistency, social proof, authority, liking, and scarcity.
  • Beware of shoulder surfing, wherein threat actors collect passwords and authentication information by physically observing the target user.
  • Beware of piggybacking (tailgating) wherein a threat actor closely follows an authorized personnel into a secure facility.
  • Beware of wardriving, wherein threat actors use mobile hacking stations to gain unauthorized access to WiFi. Wardriving might also consist of the use of parabolic microphones to gather acoustic data, such as passwords and personally identifiable data.
  • Be cautious when browsing and opening email attachments or links in emails,[10] known as phishing.
  • Refrain from interacting with fake phone calls voice fishing, also known as "vishing".
  • Scan links to malicious websites with Google Transparency Report to check for known malware.

Preventative Software Measures

Network and Information Security Measures

Reporting Breaches and Incidents

  • Gather evidence and document security and data breaches (intrusions).
  • Contact relevant authorities, administrators or organizations in the case of a cyberattack.[14]
  • Beware of website data breaches wherein stored passwords and personally identifiable information are publicized.
  • Refer to a state's statute on security breach notification laws.

"Hacking back"

Legal theorists and policy makers are increasingly considering authorizing the private sector to take active measures by "hacking-back" (also known as hackbacks).[20][21] In contrast to active attack measures, passive defense measures present a reduced risk of cyberwarfare, legal, political, and economic fallout.

A contemporary topic in debate and research is the question of 'when does a cyber-attack, or the threat thereof, give rise to a right of self-defense?'[22]

In March 2017, Tom Graves proposed the Active Cyber Defense Certainty Act (ACDC) that would enhance the Computer Fraud and Abuse Act (CFAA) to allow individuals and the private sector to use certain tools currently restricted under the CFAA to identify attackers and prevent attacks by hacking them.[20][23][24] This presents a "chicken or the egg" problem, wherein if everyone were allowed to hack anyone, then everyone would hack everyone and only the most skilled and resourced would remain.
Brad Maryman warns of unintended consequences, stating that in his view "the notion that we should legislate and accept a level of undocumented and unmonitored cyber actions by anyone who thinks they have been hacked is unfathomable".[24]

gollark: <@151149148639330304> https://pastebin.com/RM13UGFa
gollark: PotatOS actually also stands for Primarily Otiose Transformative Acidic Technology Operation System.
gollark: I made it last year.
gollark: No it's not.
gollark: no.

See also

References

  1. Whitehouse, Sheldon; Mikulski, Barbara; Snowe, Olympia. "Cyber self-defense can help U.S. security - CNN.com". CNN. Retrieved 13 April 2017.
  2. Jr., Sydney J. Freedberg. "Adm. Zukunft Unveils New Coast Guard Cyber Strategy". Breaking Defense. Retrieved 13 April 2017.
  3. "Qatari tech helps Hamas in tunnels, rockets: Expert". The Times of Israel. Retrieved 13 April 2017.
  4. Rella, Christoph. "Neutrales Österreich setzt auf "Cyber"-Selbstverteidigung - Wiener Zeitung Online" (in German). Wiener Zeitung Online. Retrieved 13 April 2017.
  5. "Cyberattacks could trigger self-defense rule, U.S. official says". Washington Post. Retrieved 13 April 2017.
  6. Greenberg, Ivan. Surveillance in America: Critical Analysis of the FBI, 1920 to the Present. Lexington Books. ISBN 9780739172483. Retrieved 13 April 2017.
  7. Ziccardi, Giovanni. Resistance, Liberation Technology and Human Rights in the Digital Age. Springer Science & Business Media. ISBN 9789400752757. Retrieved 13 April 2017.
  8. "EFF Relaunches Surveillance Self-Defense". Electronic Frontier Foundation. 23 October 2014. Retrieved 13 April 2017.
  9. Miessler, Daniel. "The Difference Between Red, Blue, and Purple Teams". Retrieved 7 May 2019.
  10. "Cyber Self Defense For Non-Geeks". jeffreycarr.blogspot.de. Retrieved 13 April 2017.
  11. Thornton, Michael (16 February 2017). "You Can't Depend on Antivirus Software Anymore". Slate. Retrieved 13 April 2017.
  12. Firewall, The. "Cyber Self Defense: Reduce Your Attack Surface". Forbes. Retrieved 13 April 2017.
  13. Conn, Richard. "Cybersecurity Expert Gives Tips To Stay Safe Online". Retrieved 13 April 2017.
  14. Moore, Alexis; Edwards, Laurie (2014). Cyber Self-Defense: Expert Advice to Avoid Online Predators, Identity Theft, and Cyberbullying. Rowman & Littlefield. ISBN 9781493015429.
  15. Seay, Gary. "4 Keys to Cyber Security Self-Defense". Retrieved 13 April 2017.
  16. Barrett, Brian. "Flash. Must. Die". WIRED. Retrieved 13 April 2017.
  17. Whittaker, Zack. "13 new vulnerabilities? You should disable or uninstall Adobe Flash | ZDNet". ZDNet. Retrieved 13 April 2017.
  18. Stoner, Daniel. "Hackers Love IoT Products: Here's How to Keep Them Out". Safety Detective. Retrieved 2018-11-22.
  19. Tiwari, Mohit (April 2017). "INTRUSION DETECTION SYSTEM". International Journal of Technical Research and Applications 5(2):2320-8163. Retrieved 22 April 2019.
  20. Chesney, Robert (29 May 2013). "International Law and Private Actor Active Cyber Defensive Measures". Lawfare. Retrieved 13 April 2017.
  21. Brown, Megan L. (September 6, 2018). "Authorizing Private Hackback Would Be a Wild West for Cybersecurity". Law.com. Retrieved 7 September 2018.
  22. Waxman, Matthew C. (19 March 2013). "Self-Defensive Force Against Cyber Attacks: Legal, Strategic and Political Dimensions". SSRN 2235838. Cite journal requires |journal= (help)
  23. Hawkins, Garrett. "Rep. Tom Graves Proposes Cyber Self Defense Bill". www.thedallasnewera.com. Retrieved 13 April 2017.
  24. "'Self-Defense' Bill Would Allow Victims to Hack Back". Retrieved 13 April 2017.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.