Countermeasures
Now, you’re going to look at some technical countermeasures that can be used to mitigate the risks to IT systems.
As you read through, reflect on how these measures have been or could be used in both your personal or organisation’s cybersecurity set-up.
Cyber-attack countermeasures
Figure 1: countermeasures
Antivirus products
Every computer system in an organisation should have an antivirus product installed and this should be updated when patches or new signatures are released to ensure it can detect and prevent the spread of new malware. But remember, just because you’ve installed antivirus software it doesn’t guarantee safety from infection, particularly from zero-day attacks.
A zero day or a day zero attack is the term used to describe the threat of an unknown security vulnerability in a computer's software or application for which either the patch has not been released, the application developers were unaware of, or did not have sufficient time to address.
Firewalls
Many antivirus products come with embedded personal firewalls and Microsoft Windows comes with its own firewall. The firewall should be switched on to help prevent unwanted communication to and from client machines.
Boundary controls
Boundary controls are used to control traffic in and out of the network, particularly email and web traffic. They are able to monitor and identify any unauthorised communications to stop those that may cause harm.
Import/export controls
These are associated with boundary controls. They permit only designated, trusted users to import or export programs or data on removable media such as USB sticks. This may involve special training and clearance. Import/export controls use a combination of antivirus and content checking technologies to ensure data or programs can be imported and exported safely.
Intrusion detection systems and intrusion prevention
Intrusion detection systems detect possible attacks by signature matching or anomalous behaviour, while intrusion prevention systems can prevent as well as detect attacks. They require expert management and are typically only implemented in larger organisations due to their cost.
One possible risk with these countermeasures is misidentifying ‘normal’ behaviour. This can lead to false positives – the misidentification of legitimate behaviour as malicious. As a result, legitimate activity gets blocked, causing a denial of service.
Application control technologies
These are used to prohibit users from executing unauthorised code on a system. If a user downloads malware to their system, the application control technology would stop the code being executed. The Windows operating system comes with a feature called AppLocker that provides this level of protection.
In this course on malicious software, you will learn about the various types of malicious code in detail, contrast the different types before looking at look at the countermeasures used to combat them. You’ll also encounter non-technical controls and see the OWASP top 10 security threats.
A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.