Using Travelers Cyber Readiness Practices to Defend Against the Three P’s
Defending Against the 3 P's
As cyber threats continue to evolve, organizations of all types and sizes are targeted by increasingly sophisticated attacks. Ransomware attacks alone have evolved to include multiple extortion techniques to entice their victims to pay. These new methods of attack often include threatening to publish stolen sensitive information, launching denial-of-service attacks, informing the victim’s customers, partners or shareholders of an attack and even threatening the victim’s employees.
Presence, Permissions, Persistence
With so many means of attack available to cyber threat actors, organizational and IT leaders must understand how attacks happen. For an attack to be successful, the attacker must:
- Gain access to have a presence on a system.
- Acquire the necessary user permissions to execute the attack.
- Use persistence to conceal their activities for as long as it takes to execute the attack.
Presence
The most common way attackers infiltrate a system is by exploiting a vulnerability. The vulnerability may, for example, be a flawed software application that an attacker can exploit to gain access, a misconfigured firewall or an unsuspecting authorized user who clicks a link in an email that surreptitiously installs malicious software that opens a back door for the attacker. Once an attacker has connected to a system, their next step is to find a user account that has the level of permissions required to launch the attack.
Permissions
Attackers typically want admin-level account access. These are the administrator or privileged user accounts used by an organization’s IT professionals to manage the environment. They have the power to create or disable user accounts, reset passwords, install software, configure servers, etc. That’s why they are so desirable to attackers, who need these elevated permissions to create hidden accounts, install malware, move throughout a network and exfiltrate files.
Persistence
A successful cyberattack can be a labor-intensive effort that requires patience and attention to detail. It must be executed under the radar, so attackers try not to use known malicious software that an antivirus tool might detect. As a result, they frequently gain access to a system using the same tools that a legitimate administrator might use to navigate within a network, launch software, copy files, etc.
Prevention or disruption of any of the Three P’s can save your company from an incident. That is why the Travelers Institute promotes widespread use of the five cyber readiness practices championed by Travelers.
- Implement multifactor authentication (MFA)
- Keep systems up to date
- Use endpoint detection and response (EDR)
- Have an incident response (IR) plan
- Back up data
Having knowledge of the five cyber readiness practices is not enough. Putting these safety measures into practice to help protect your networks, devices and valuable data is crucial. Good cyber hygiene practices should be ongoing and evolve to meet the needs of your organization.
Cybersecurity threats affect businesses and organizations of all sizes... Our Cyber: Prepare, Prevent, Mitigate, Restore® initiative promotes dialogue and education to help leaders prepare for and respond to cyber incidents.