Achieving complete immunity against network intrusion is increasingly unrealistic due to rapid technological change and business growth. As organisations grow through mergers, acquisitions and divestments, their IT landscape inevitably becomes more complex as they take in a diverse mix of new, established and legacy systems from various suppliers. This complexity hinders visibility, creating blind spots that attackers can exploit.  

In this complex, blurred environment with increased attack surfaces, there are many places where ‘evil’ can hide. The most efficient way to manage this is to ‘assume breach’ and form cyber security strategies based on the assumption that bad actors will penetrate your defences.

Here are our six recommendations to build your operational resilience against evolving cyber threats:

1. Understand user personas

As IT has proliferated, the number of accounts with access privileges to data and systems has also surged, making it increasingly difficult to apply a ‘least privilege’ control approach. Cyber criminals exploit overly permissive access to penetrate systems, escalate account privileges and move laterally across networks.

Many organisations are blind to an attacker's activity due to the complexity of managing identities. However, it’s critical to understand your users and implement effective identity and access mechanisms. High-confidence audits, reporting and alerts can help detect malicious behaviour early and remove attackers swiftly, minimising the impact of a breach.

2. Know your assets

Many organisations are unaware of all the assets on their network, let alone their version status. This visibility gap can delay their ability to respond quickly, making it difficult to track down the assets affected and establish their patching status.

You can optimise your asset management and effectively defend your devices by assessing your asset lifecycle strategy. This involves regularly updating your asset or configuration database, scanning for software versions to identify vulnerabilities and promptly implementing a strong risk-based patching strategy to resolve those vulnerabilities.

3. Implement modern endpoint tooling

Testing your defences against real-world scenarios can be incredibly useful in revealing weaknesses and inefficiencies. Endpoint Detection and Response (EDR) solutions combine next-gen antivirus, threat hunting and threat intelligence to analyse events and identify malicious behaviour on end-point devices. EDR provides visibility of adversary actions in real-time and retrospectively, allowing Security Operations Centre teams to identify attack points.

4. Restrict lateral movement

To minimise the impact of cyber breaches, limit how far a bad actor can roam around your systems. Adopting a Zero Trust model with frequent access verification and using network and micro-segmentation tools can restrict access and shut down unchallenged lateral movement.

Each cloud provider offers native tools for segmenting workloads and compute tasks but configuring them can be difficult and time-consuming. Regularly review your architecture with professional support if needed and use assurance tools or specialist scripting tools to validate your plans.

5. Detect threats systematically

SIEM (Security Information and Event Management) is effective for rapid threat detection, but proper deployment and fine-tuning are fundamental, and adopting a systematic approach is key. This involves SOC teams sharing threat actor information and mapping this knowledge to a standard classification structure such as Mitre ATT&CK®. This helps security teams identify coverage gaps and prioritise targeted remediation.

6. Build a strong cyber security culture

While tools and processes are essential, people are vital to effective security. Empowering users with relevant security skills, clear reporting pathways and a positive security culture can help organisations address vulnerabilities more effectively. Analysts should also be free to explore and apply their curiosity to enhance security. Automating routine tasks allows analysts to focus on investigating potential issues and strengthening the overall security posture.