Six steps for preventing and detecting a cyber-attack

  • Cyber-attacks on critical infrastructure are increasing and evolving
  • Some cyber security tactics apply to all industries despite any specific vulnerabilities to cyber-attack
  • Build a powerful force of defence with these six steps

Hundreds of new cyber threats are emerging every day as hackers become faster and more creative. While the nature and motivation of attacks vary, hackers generally take a seven-phase approach to planning and seizing command and control of operational technology (OT) and IT systems.

Knowing and understanding hacker strategies gives information security officers and their teams a basis on which to prepare to protect their critical infrastructure and corporate reputations. This preparation involves some common steps whatever industry-specific cyber vulnerabilities may exist, according to Trond Solberg, cyber security, DNV.

Just as it is possible to see cyber-attacks as a seven-phase process, we can define six steps to be ready when a hacker hacks, and to reduce the attack vector"

  • Trond Solberg
  • cyber security
  • DNV

“Just as it is possible to see cyber-attacks as a seven-phase process, we can define six steps to be ready when a hacker hacks, and to reduce the attack vector,” he said (Figure 1).


Preparing to succeed in the battle against hackers

Reinforce your cyber security awareness programme

Training an organization’s users and making them aware of what they can do to help protect the network can go a long way to enhancing the security of IT systems and operational technologies.

This involves communicating clearly and forcefully what the cyber threats and risks are, and describing the tell-tale signs of an attempted or actual hack that a company’s network users should look out for.

It is a good idea to put a positive spin on the messaging. If you tell people that 80% of people click on a malware link, then you are effectively telling them that the majority of people do it, and people do tend to follow the majority. So why not nuance the messaging to something like ‘good users don’t click on links like this’?

It is also important to know who the users are, when they normally log in, and from where, and to use this and other information about what is ‘normal’ to monitor the network for small anomalies.


Revisit architecture

The point here is to view the network like a hacker to see what weaknesses they would look for, and whether these vulnerabilities exist.

It pays for a cyber security team to be brutally honest with itself when doing this. Bringing in a third-party penetration tester to test network security can also help by adding an independent perspective as well as deep expertise and up-to-date insight on the types and strategies of cyber-attacks on the specific industry and systems involved.

When it comes to network configuration, it could be beneficial to consider micro-segmentation of the network, with each department or group on its own subnet. This will make it more difficult for a hacker to move around the network if they get past the firewall.


Know what is on your network

Good practice also involves mapping your organization’s networks, discovering all the devices connected to these, and knowing where the networks connect with each other and the internet.

Such connections, including between OT and IT, are becoming more common. OT and IT connectivity, and with the internet, is being driven by digitalization in many industries and industrial processes.

This ‘stocktaking’ of the company’s networks and connected devices also involves knowing the configuration of every router, switch, wireless access point, computer, printer and so on, that is connected to the network. An alert should be implemented when the configuration of even one of these devices changes.


Create and enforce robust cyber security policies and procedures

Cyber security can be like a physical safety protocol; once it is established it can start to degrade as people become more familiar with it and less mindful of ignoring it, and as the threat profile changes.

For example, if the company created cyber security policies and procedures two years ago, and has not updated them since, the procedures are most likely out of date.

Hence, organizations that are top performers for cyber security regularly review and update cyber security policies and procedures, then share and explain them to employees.


Patching and updating

Major software suppliers such as Microsoft, and other vendors, release security updates for a reason.

Microsoft does this not just so they can send customers an e-mail on ‘Patch Tuesday’. As soon as a company becomes aware of a security-related patch or update, it should make plans for when and how the patch will be implemented, and how to mitigate the risk while it waits to install the patch.

Updating does not apply solely to software as most people understand it. An increasing number of ‘smart’ digital devices such as sensors and cameras are being connected to OT-IT networks and the internet to enable greater automation of industrial processes and risk assessment. Equipment manufacturers frequently issue firmware updates to improve the performance and cyber security of hardware.


Detect unknown threats

This extends the point about needing to know who uses the network and what is connected to it.

Look for anomalies, new devices, or new hosts on the network. Due to its change management process and procedures, a company should be aware of any change on the network before it happens.

Hence, any change in a user’s sign-on activities should be questioned. Don’t be afraid of upsetting the users; they will be more upset if the organization gets hacked.


Read more about DNV cyber security services