SecurityWeek

Gaining OPSEC Resilience with Cyber Situational Awareness

Throughout history Operations Security (OPSEC) has been a key tactic used by commercial and military organizations to protect privacy and anonymity. When done well, it denies adversaries information they could use to do harm to an organization or individual. But criminals also use OPSEC as a means to an end – avoiding detection, maintaining availability of their attack infrastructure, and retaining access to environments they have compromised. 


Lapses in OPSEC can have significant implications for defenders and attackers alike. All too often organizations unknowingly expose confidential information that significantly increases risks. In some cases organizations leak details that are used to fuel social engineering attacks against their staff and, in other cases, sensitive documents are publicly exposed and put their brand at risk. Adversaries stand to lose from poor OPSEC as well. Dridex botnet operator Andrey Ghinkul associated his nickname – “Smilex” – with his real name, providing law enforcement a valuable clue in their investigation. 

As a defender, you can capitalize on weak attacker OPSEC to strengthen your security posture. Cyber situational awareness can provide insights into the people, processes and technology your adversaries use and turn those into an advantage. As in the Dridex example, humans can represent the most challenging element of OPSEC; a careless error can reveal their identity. The processes attackers use to retain privacy and anonymity, such as adopting aliases or staging reconnaissance and lateral movement, can also tip you off to suspicious behavior. Knowledge of the technologies adversaries adopt to conduct operations – privacy-focused operating systems such as Whonix and Tails, anonymization networks like Tor, email encryption using PGP, and digital currencies like Bitcoin and WebMoney – can also give you an edge. When combined and analyzed, these insights can help you prevent and detect malicious activity as well as accelerate investigations when a breach happens.

Conversely, to prevent adversaries from gaining information about your organization that they can use to their advantage, a tailored, flexible OPSEC program should be the cornerstone of your strategy. The National Operations Security Program Process provides a five-step OPSEC program that defenders can use to mature their OPSEC capabilities. These steps include:

1. Identification of critical information – Start by identifying critical business functions, which will lead you to the “crown jewels.” Be sure to include seemingly innocuous information that could be aggregated with other information to put this critical information at risk.

2. Analysis of threats – Now you can begin to understand the relevant threats to your organization including their motivations and tactics, techniques and procedures (TTPs). The less mature an adversary’s OPSEC, the more details you can glean; you can benefit from this.

3. Analysis of vulnerabilities – Vulnerability scanning solutions are essential in this step. But you must also consider weaknesses in people and process that could ultimately lead to confidential or proprietary information being leaked, or other information that adversaries could use to target key executives.

4. Assessment of risks – With this breadth of information you can now make smarter decisions about how to apply limited resources to the most significant internal and external threats.

5. Application of appropriate countermeasures – Armed with better insight into risks you can take measures to strengthen controls. For example, targeted security awareness training, updating data loss prevention rules to cover the high-value data at risk, or changing processes to require multiple authorizations for certain activities.

Because the state of your critical information, the threat landscape and your business models continue to evolve, your OPSEC program should as well. Cyber situational awareness can help you build resilience into your OPSEC program by enabling you to plan for several types of scenarios. For example, if you get an indication that you are going to be targeted, your OPSEC program needs to be able to proactively and reactively respond to adversaries. You need to be able to provide ad-hoc security awareness training to staff expected to be the most likely targets. Your incident response program needs to feed into the program so you can provide specific training and monitoring during an intrusion. 

There are also several types of business events that will require you to increase your OPSEC levels, including new product launches, mergers and acquisitions, or expansion into new regions. For each of these events, you will need to expand your monitoring until the business event has been successfully executed. Internal monitoring could be strengthened to include increased logging for the individuals and assets involved. External monitoring might focus on product keywords, project code words, key staff members and adversaries known to target these types of scenarios.
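One way to implement the event-driven external monitoring described above, as an added example that is not part of the original article: it scans constructed public posts against a constructed watchlist of project code words, key staff and product keywords (all placeholder values), and scores co-occurrence higher because individually innocuous terms become sensitive when aggregated.

```python
import re

# Constructed watchlist for a hypothetical product launch (placeholder values, not real ones).
WATCHLIST = {
    "project_codewords": ["Project Kestrel", "KST-2"],
    "key_staff": ["Jane Doe", "J. Doe"],
    "product_keywords": ["launch date", "pricing deck"],
}

# A lone product keyword is low risk; code words and staff names weigh more.
WEIGHTS = {"project_codewords": 3, "key_staff": 2, "product_keywords": 1}
ALERT_THRESHOLD = 4


def _pattern(term):
    # Whole-word, case-insensitive match so "Kestrel" inside another word is not a hit.
    return re.compile(r"\b" + re.escape(term) + r"\b", re.IGNORECASE)


def scan_post(text, watchlist=WATCHLIST, weights=WEIGHTS):
    """Return (score, hits) for one post; hits maps category -> matched terms."""
    hits = {}
    for category, terms in watchlist.items():
        matched = [t for t in terms if _pattern(t).search(text)]
        if matched:
            hits[category] = matched
    # Base score: category weight per matched term.
    score = sum(weights[c] * len(found) for c, found in hits.items())
    # Aggregation bonus: terms from several categories in one post reveal more together.
    if len(hits) > 1:
        score += 2 * (len(hits) - 1)
    return score, hits


def triage(posts, threshold=ALERT_THRESHOLD):
    """Scan (post_id, text) pairs and return alerts at or above threshold, highest first."""
    alerts = []
    for post_id, text in posts:
        score, hits = scan_post(text)
        if score >= threshold:
            alerts.append({"id": post_id, "score": score, "hits": hits})
    return sorted(alerts, key=lambda a: -a["score"])


# Constructed sample posts standing in for a feed of public forum or social media text.
SAMPLE_POSTS = [
    ("p1", "Anyone else excited for the spring catalog? Nothing about launch date yet."),
    ("p2", "Jane Doe from our team just presented the Project Kestrel pricing deck to partners."),
    ("p3", "Project Kestrel moved to KST-2 status internally."),
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_POSTS):
        print(alert)
```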

Cyber situational awareness lets you use OPSEC to your advantage. By gaining visibility into your digital footprint and that of your attackers, you can implement tailored OPSEC practices that can deny or delay an adversary’s ability to do your organization harm. With this level of context and awareness you can make decisions and investments that maximize your resources and strengthen your organization’s security posture. 

Written by

Alastair Paterson is the CEO and co-founder of Harmonic Security, enabling companies to adopt Generative AI without risk to their sensitive data. Prior to this he co-founded and was CEO of the cyber security company Digital Shadows from its inception in 2011 until its acquisition by ReliaQuest/KKR for $160m in July 2022. Alastair led the company to become an international, industry-recognised leader in threat intelligence and digital risk protection.
