
The Three Pillars Of Cyber Defense In The New ‘Digital Normal’

Best practices for CISOs and cybersecurity teams

Kumar Ritesh, founder and CEO of CYFIRMA

Singapore – Nov. 23, 2020

According to CYFIRMA research, cyberattacks increased by over 600 percent in the first half of the year alone, while ransomware attacks have risen 120 percent in the last ten months.

In the new ‘digital normal,’ traditional perimeter defense is proving to be no match against the influx of cyberthreats coming from all directions.

Many businesses do not have a clear view of their attack surfaces, and even less understanding of their digital risk. Without the guidance of quality cyber-intelligence, they are driving blind.

To turn the tide on cyberattacks, businesses need to be able to dissect a cyberthreat and evaluate their risk exposure; this requires understanding who the adversaries are and connecting the dots between campaigns and methods.

To keep cyber posture strong even as businesses accelerate their transformation and extend their digital footprint, we recommend a holistic approach in which organizations identify their potential attack surfaces, map out their digital risk profile, and use cyber-intelligence to anticipate imminent attacks.


Pillar 1 – Know your attack surface

“You can’t defend what you can’t see, and you definitely can’t protect what you don’t realize you have” — this adage is particularly true in the world of cybersecurity. Attack surfaces are best thought of as the doors and windows through which an intruder could enter your home. The COVID-19 pandemic brought a torrent of new attack surfaces as employees turned to remote working. Unprotected and porous home networks, unsecured web applications and cloud services, and poor cybersecurity maturity and awareness among teleworkers created millions of new attack surfaces almost overnight.

Organizations whose data management strategies are not comprehensive face an uphill task in figuring out how their data is segmented and tiered, how it is transported, where it sits at rest, and who has rights to access which data. The entire journey of how data flows in and out of the organization to employees, suppliers, partners, and clients presents many potential attack points for hackers.

A potential attack surface is created whenever a device, piece of software, or application is exposed to the internet. Gartner forecast that 6 billion devices would be connected to the internet by 2020, including laptops, phones, and IoT appliances.
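One concrete way to act on this pillar is to reconcile the list of hosts and ports an organization believes it exposes against what an external scan actually observes. The script below is an added example, not code from CYFIRMA or the article; the inventory, the hostnames under example.com, the 203.0.113.0/24 addresses, the scan records, and the high-risk port table are all constructed for illustration.

```python
"""Reconcile what an organization believes is internet-facing with what an
external scan actually observes.

Added example: the hosts, addresses and scan records are constructed for
illustration; none of them are from CYFIRMA or the article.
"""
from collections import defaultdict

# Services that have no business being reachable from the internet (assumed list).
HIGH_RISK_PORTS = {
    21: "FTP", 23: "Telnet", 445: "SMB", 1433: "MSSQL", 3306: "MySQL",
    3389: "RDP", 5900: "VNC", 6379: "Redis", 9200: "Elasticsearch",
    27017: "MongoDB",
}

# Constructed inventory: what the organization thinks is exposed, host -> allowed ports.
KNOWN_ASSETS = {
    "www.example.com": {80, 443},
    "mail.example.com": {25, 443, 587},
    "vpn.example.com": {443},
    "legacy-portal.example.com": {443},
}

# Constructed external scan output: one "host ip port service" record per line.
SCAN_OUTPUT = """\
www.example.com 203.0.113.10 80 http
www.example.com 203.0.113.10 443 https
mail.example.com 203.0.113.20 25 smtp
mail.example.com 203.0.113.20 443 https
mail.example.com 203.0.113.20 587 submission
vpn.example.com 203.0.113.30 443 https
vpn.example.com 203.0.113.30 3389 ms-wbt-server
dev-jenkins.example.com 203.0.113.40 8080 http
dev-jenkins.example.com 203.0.113.40 22 ssh
old-db.example.com 203.0.113.50 3306 mysql
"""


def parse_scan(text):
    """Return {host: {port, ...}} from whitespace-separated scan records."""
    exposed = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:          # skip blank or malformed lines
            continue
        host, _ip, port, _service = parts[:4]
        exposed[host.lower()].add(int(port))
    return dict(exposed)


def reconcile(known, exposed):
    """Compare inventory with observation and return four finding lists.

    unknown_hosts     observed hosts absent from the inventory (shadow IT)
    unexpected_ports  inventoried hosts exposing ports the inventory does not allow
    high_risk         (host, port, service) where the service should never face the internet
    missing           inventoried hosts not observed at all (stale inventory or scan gap)
    """
    findings = {"unknown_hosts": [], "unexpected_ports": [], "high_risk": [], "missing": []}
    for host, ports in sorted(exposed.items()):
        if host not in known:
            findings["unknown_hosts"].append(host)
        else:
            extra = ports - known[host]
            if extra:
                findings["unexpected_ports"].append((host, sorted(extra)))
        for port in sorted(ports):
            if port in HIGH_RISK_PORTS:
                findings["high_risk"].append((host, port, HIGH_RISK_PORTS[port]))
    findings["missing"] = sorted(set(known) - set(exposed))
    return findings


if __name__ == "__main__":
    report = reconcile(KNOWN_ASSETS, parse_scan(SCAN_OUTPUT))
    for category, items in report.items():
        print(f"{category}:")
        for item in items:
            print(f"  {item}")
```

Run against the constructed data, the report surfaces two hosts nobody inventoried (a build server and an old database), RDP on the VPN gateway that the inventory never allowed, MySQL exposed directly, and one inventoried host that the scan no longer sees. Each of those is a different kind of gap between what the organization believes and what an attacker can actually reach.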

Attack surfaces also include people — the millions of remote workers who are now part of the cybersecurity chain. With insufficient knowledge of cyber safety, many employees are susceptible to social engineering tactics and fall prey to phishing campaigns.

Pillar 2 – Know Your Digital Risk Profile

To protect an organization’s crown jewels, a comprehensive view of its digital risk profile is of paramount importance. Digital risks are like the ‘keys’ to the house: once a risk is realized (the keys are stolen), hackers gain access to networks and data. There are five types of digital risk businesses must mitigate to prevent data and assets from being compromised.

  • Impersonation and Infringement 

Organizations must obtain a complete view of all their online entities and digital footprint, and be aware of any imitation of their assets, products, or brand. Threat actors registering look-alike copies of the company’s domain name, or impersonating its key personnel, are indicators of an impending phishing campaign. Brand infringement points to corporate espionage and can result in loss of customers’ trust and confidence. Early detection is of the utmost importance, as the business impact can be devastating.

  • Data Breach Monitoring 

According to a report by IBM, companies take almost 200 days on average to discover they have been breached. The longer it takes a victim organization to realize it has been hacked, the higher the cost of the breach: containing a breach in under 30 days saves companies more than $1 million compared with those that take longer.

It is therefore critical that any data breach be identified as early as possible so that remediation and corrective actions can be taken. Tools that detect anomalous user behavior (for example, a user suddenly downloading many times their usual volume, or logging in at unusual hours or from a location never seen before) aid early detection. The organization’s vulnerabilities, such as unpatched legacy software and other exposed assets, should also be identified; this helps pinpoint the type of data, such as confidential files, employees’ identities, or passwords, that could be leaked.
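The anomalous-behavior detection mentioned above can be made concrete with a small baseline-and-deviation check over an access log. The script below is an added example, not code from CYFIRMA or the article: the audit log lines, the user names, the country codes, and the thresholds (a 5x volume factor, 07:00 to 20:00 business hours, three days of minimum history) are all constructed or assumed for illustration.

```python
"""Flag anomalous user activity in an access log as an early breach indicator.

Added example: the log lines below are constructed for illustration and the
thresholds are assumptions, not figures from the article or from IBM.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed audit log: "timestamp user action bytes source_country", one event per line.
AUDIT_LOG = """\
2020-11-02T09:12:00 alice download 42000000 SG
2020-11-03T10:04:00 alice download 38000000 SG
2020-11-04T09:50:00 alice download 45000000 SG
2020-11-05T11:20:00 alice download 40000000 SG
2020-11-06T02:17:00 alice download 910000000 RU
2020-11-02T09:30:00 bob download 5000000 SG
2020-11-03T14:00:00 bob download 6000000 SG
2020-11-04T15:10:00 bob download 4500000 SG
2020-11-05T16:00:00 bob download 5500000 SG
2020-11-06T09:45:00 bob download 6500000 SG
"""


def parse_log(text):
    """Parse log lines into dicts sorted by time; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, user, action, nbytes, country = parts
        events.append({"time": datetime.fromisoformat(ts), "user": user,
                       "action": action, "bytes": int(nbytes), "country": country})
    return sorted(events, key=lambda e: e["time"])


def detect_anomalies(events, volume_factor=5.0, business_hours=(7, 20), min_history=3):
    """Return sorted (user, date, reason) triples for three kinds of anomaly.

    volume-spike  a user's daily download volume exceeds volume_factor times the
                  median of that user's other days (needs min_history other days)
    off-hours     an event outside business_hours, given as [start_hour, end_hour)
    new-country   an event from a country not previously seen for that user
    """
    findings = set()
    daily = defaultdict(int)            # (user, date) -> bytes downloaded that day
    seen_countries = defaultdict(set)   # user -> countries observed so far

    for e in events:                    # chronological, so "seen so far" is meaningful
        day = e["time"].date().isoformat()
        daily[(e["user"], day)] += e["bytes"]
        if not business_hours[0] <= e["time"].hour < business_hours[1]:
            findings.add((e["user"], day, "off-hours"))
        if seen_countries[e["user"]] and e["country"] not in seen_countries[e["user"]]:
            findings.add((e["user"], day, "new-country"))
        seen_countries[e["user"]].add(e["country"])

    per_user = defaultdict(dict)
    for (user, day), total in daily.items():
        per_user[user][day] = total
    for user, days in per_user.items():
        for day, total in days.items():
            others = [v for d, v in days.items() if d != day]   # leave-one-out baseline
            if len(others) < min_history:
                continue                # not enough history to judge this user
            if total > volume_factor * statistics.median(others):
                findings.add((user, day, "volume-spike"))
    return sorted(findings)


if __name__ == "__main__":
    for user, day, reason in detect_anomalies(parse_log(AUDIT_LOG)):
        print(f"{day} {user}: {reason}")
```

On the constructed log, alice's last day trips all three rules at once (a 02:17 download of roughly twenty times her usual daily volume, from a country she has never connected from), while bob's ordinary variation stays below every threshold. The leave-one-out median keeps a single spike from inflating the baseline it is compared against, which a plain mean would not.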

  • Vulnerabilities Exposed

Vulnerabilities create attack vectors that an intruder can use to inject malicious code or access a target system’s resources. To build a comprehensive risk profile, identify all vulnerabilities in the organization’s IT infrastructure and weaknesses in its software, applications, and cloud services.

It is also essential to include third-party contractors and partners, as they can create additional vulnerabilities by unknowingly exposing the organization’s sensitive data.

  • Dark Web Exposure

It is imperative to be fully aware of any mention of the company by hackers on the dark web. IP addresses and any leaked assets belonging to the company, such as email addresses and PII, CII, and FII data, that are offered for sale in dark web marketplaces must also be uncovered quickly. Stolen data is monetized by hacking groups and can proliferate quickly from one threat actor to another.

  • Social Media and Surface Web Exposure

Identify any digital risk exposure on social media and the surface web: watch out for look-alike domains, spoofed social media handles, and imitation logos. Monitor social media chatter about newly discovered vulnerabilities and determine whether they have a critical impact on the business.
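The look-alike domain checks called for under “Impersonation and Infringement” and again here can be automated. The script below is an added example, not CYFIRMA’s or the article’s code: it triages a list of observed domain names against a brand domain by generating common typosquat forms, folding internationalized (punycode) labels back to their base letters, spotting the brand embedded inside another name, and falling back on an edit-distance near-match. The brand domain example.com, the observed list, and the small confusable-character map are constructed for illustration.

```python
"""Triage observed domain names against a brand domain for impersonation.

Added example: the brand domain, the observed list and the confusable map are
constructed for illustration; this is not CYFIRMA's or the article's code.
"""
import unicodedata

BRAND = "example.com"   # constructed brand domain

# ASCII look-alikes commonly used in typosquats (assumed, deliberately small).
ASCII_CONFUSABLES = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5", "m": "rn"}


def labels(domain):
    """Lower-cased labels of a domain, with punycode (xn--) labels decoded to Unicode."""
    out = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label.encode("ascii").decode("idna")
        out.append(label)
    return out


def fold(label):
    """Strip diacritics so that, e.g., 'exämple' folds to 'example'."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if unicodedata.category(c) != "Mn")


def typosquat_forms(label):
    """Variants by omission, repetition, ASCII confusable, hyphenation and transposition."""
    forms = set()
    for i, ch in enumerate(label):
        forms.add(label[:i] + label[i + 1:])                 # omission
        forms.add(label[:i] + ch + label[i:])                # repetition
        if ch in ASCII_CONFUSABLES:
            forms.add(label[:i] + ASCII_CONFUSABLES[ch] + label[i + 1:])
        if i > 0:
            forms.add(label[:i] + "-" + label[i:])           # hyphenation
        if i + 1 < len(label):
            forms.add(label[:i] + label[i + 1] + ch + label[i + 2:])  # transposition
    forms.discard(label)
    return forms


def edit_distance(a, b):
    """Optimal string alignment distance: Levenshtein plus adjacent transpositions."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(domain, brand=BRAND):
    """Return why `domain` looks like an impersonation of `brand`, or None."""
    b_label, b_tld = labels(brand)[-2:]
    parts = labels(domain)
    if len(parts) < 2:
        return None
    c_label, c_tld = parts[-2:]
    if (c_label, c_tld) == (b_label, b_tld):
        return None                                  # the brand itself or its own subdomain
    if fold(c_label) != c_label and fold(c_label) == b_label:
        return "idn-homoglyph"                       # accented letters standing in for ASCII
    if c_label == b_label:
        return "tld-swap"
    if c_label in typosquat_forms(b_label):
        return "typosquat"
    if any(b_label in p for p in parts[:-1]):
        return "brand-embedded"                      # example-login.com, example.com.evil.net
    if edit_distance(c_label, b_label) <= 1:
        return "near-match"
    return None


def triage(observed, brand=BRAND):
    """(domain, reason) for every observed domain that resembles the brand."""
    hits = []
    for domain in observed:
        reason = classify(domain, brand)
        if reason:
            hits.append((domain, reason))
    return hits


# Constructed list of newly observed domains, e.g. from certificate transparency or DNS feeds.
OBSERVED = [
    "www.example.com", "examp1e.com", "exmaple.com", "example.net",
    "example-login.com", "example.com.secure-verify.net",
    "xn--exmple-cua.com",   # punycode for exämple.com
    "exanple.com", "unrelated.org",
]

if __name__ == "__main__":
    for domain, reason in triage(OBSERVED):
        print(f"{reason:15} {domain}")
```

The ordering of the checks matters: the brand’s own subdomains are excluded first so that login.example.com is never flagged, the punycode fold runs before anything else so that an accented look-alike is reported as such rather than as a near-match, and the embedded-brand rule covers the common pattern of the real name appearing as a subdomain of an attacker’s domain. In practice the observed list would come from certificate transparency logs or newly registered domain feeds, and each hit would be checked for live content and mail records before being acted on.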

Pillar 3 – Predictive and Personalized Cyber-Intelligence

Use cyber-intelligence to stay informed about your evolving threat landscape. By obtaining personalized and predictive insights, you can stay ahead of your adversaries and act before an attack occurs. Ensure your threat intelligence provides sufficient context covering the hacker, the campaign, and the method. For threat intel to be effective, these insights must be tailored to your organization’s industry, geography, and technology.

Quality cyber-intelligence includes strategic, management, and operational insights, so that the intel can be consumed effectively across functions and at every level of the organization.

To successfully thwart a cyberattack, remediation actions need to be clearly prioritized so that the cyber defense team’s resources are directed at the most critical threat first.

Knowing your attack surface, understanding your digital risk profile, and utilizing predictive and personalized cyber-intelligence are the essential steps to stop cyber threats from becoming actual attacks. With the three pillars working in tandem, you are empowered to visualize and contain risk.

Equipped with quality cyber-intelligence, you can rapidly automate, prioritize, and take the right actions to close security gaps.


Kumar Ritesh is the Founder and CEO of CYFIRMA


Headquartered in Singapore and Tokyo, CYFIRMA is a leading threat discovery and cybersecurity platform company. Its cloud-based, AI- and ML-powered cyber intelligence analytics platform helps organizations proactively identify potential threats at the planning stage of cyberattacks, offers deep insights into their cyber landscape, and amplifies preparedness by keeping the organization’s cybersecurity posture up-to-date, resilient, and ready against upcoming attacks.

CYFIRMA works with many Fortune 500 companies. The company has offices and teams located in Singapore, Japan and India.