Describe basic mitigation strategies

You've learned that there are many different types of cyberattack. But how do you defend your organization against cybercriminals? There are several different ways that you can keep cyberattackers at bay, from multifactor authentication to improved browser security, and by informing and educating users.

What is a mitigation strategy?

A mitigation strategy is a measure or collection of steps that an organization takes to prevent or defend against a cyberattack. This is usually done by implementing technological and organizational policies and processes designed to protect against attacks. Here are some of the many different mitigation strategies available to an organization:

Multifactor authentication

Traditionally, if someone's password or username is compromised, a cybercriminal can gain control of the account. Multifactor authentication was introduced to combat this.

Multifactor authentication works by requiring a user to provide multiple forms of identification to verify that they are who they claim to be. The most common form of identification used to verify or authenticate a user is a password. This represents something the user knows.

Two other authentication methods provide something the user is, such as a fingerprint or retinal scan (a biometric form of authentication), or provide something the user has, such as a phone, hardware key, or other trusted device. Multifactor authentication employs two or more of these forms of proof to verify a valid user.

For example, a bank might require a user to provide security codes sent to their mobile device, in addition to their username and password, to access their online account.
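The bank scenario above, sketched as an added example that is not part of the original module: a login succeeds only when the password (something the user knows) and a one-time code delivered to a registered device (something the user has) both check out. The class name, the five-minute expiry, and the six-digit code format are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300  # assumed policy: one-time codes expire after 5 minutes

def hash_password(password, salt):
    # Slow, salted hash so a stolen credential store is costly to crack.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class MfaLogin:
    """Hypothetical two-step login: password first, then a device code."""

    def __init__(self):
        self.users = {}    # username -> (salt, password hash)
        self.pending = {}  # username -> (one-time code, expiry time)

    def enroll(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hash_password(password, salt))

    def start(self, username, password, now=None):
        """First factor. Returns the code to send to the device, or None."""
        now = time.time() if now is None else now
        record = self.users.get(username)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # unpredictable 6 digits
        self.pending[username] = (code, now + CODE_TTL)
        return code

    def finish(self, username, code, now=None):
        """Second factor. A code is single use and time limited."""
        now = time.time() if now is None else now
        # pop() burns the code on any attempt, so it cannot be replayed
        # and a wrong guess forces the whole login to start again.
        entry = self.pending.pop(username, None)
        if entry is None:
            return False
        expected, expiry = entry
        return now <= expiry and hmac.compare_digest(
            expected.encode(), code.encode())
```

A stolen password alone gets an attacker through `start()` but not `finish()`, which is the property the paragraph describes.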

Browser security

We all rely on browsers to access the internet to work and carry out our daily tasks. As you learned earlier, attackers can compromise poorly secured browsers. A user might download a malicious file or install a malicious add-on that can compromise the browser and the device, and even propagate itself into an organization's systems. Organizations can protect against these types of attacks by implementing security policies that:

  • Prevent the installation of unauthorized browser extensions or add-ons.
  • Only allow permitted browsers to be installed on devices.
  • Block certain sites using web content filters.
  • Keep browsers up to date.

Educate users

Social engineering attacks rely on the vulnerabilities of humans to cause harm. Organizations can defend against social engineering attacks by educating their staff. Users should learn how to recognize malicious content they receive or encounter, and know what to do when they spot something suspicious. For example, organizations can teach users to:

  • Identify suspicious elements in a message.
  • Never respond to external requests for personal information.
  • Lock devices when they're not in use.
  • Only store, share, and remove data according to the organization's policies.

Threat intelligence

The threat landscape can be vast. Organizations might have many attack vectors that are all possible targets for cybercriminals. This means that organizations need to take as many measures as possible to monitor, prevent, and defend against attacks, and even to identify possible vulnerabilities before cybercriminals use them to carry out attacks. In short, they need to use threat intelligence.

Threat intelligence enables an organization to collect systems information, details about vulnerabilities, information on attacks, and more. Based on its understanding of this information, the organization can then implement policies for security, devices, user access, and more, to defend against cyberattacks. The collection of information to gain insights, and respond to cyberattacks, is known as threat intelligence.

Organizations can use technological solutions to implement threat intelligence across their systems. These are often threat intelligence solutions that can automatically collect information, and even hunt and respond to attacks and vulnerabilities.

These are just some of the mitigation strategies that organizations can take to protect against cyberattacks. Mitigation strategies enable an organization to take a robust approach to cybersecurity. This will ultimately protect the confidentiality, integrity, and availability of information.