Basic Security And Digital Situational Awareness
Mar 2013

These principles were taught to me during an urban warfare and counterterrorism course in the military, where they focused on physical security. However, with a few small adjustments, they can also be directly applied to information security:
Be aware that a threat ALWAYS exists and that its target can be you.
It doesn't matter if you don't see it or don't know of a particular vulnerability: threats exist. In the world of information warfare and digital security you have to assume you have already been penetrated and that someone is out to get you, all the time. Once you accept this you can prepare to deal with it mentally, physically and technologically. Attackers can have many reasons to target you, but whatever the reason, you cannot allow yourself to think that you hold no sensitive information and that it will not happen to you. All it takes is a script kiddie finding one simple vulnerability on your network to turn your whole server farm into part of a botnet. Stay vigilant, treat everything that enters your servers or computers as a potential threat, and handle it appropriately. Be especially cautious of low-tech attacks such as social engineering, where you can find yourself unknowingly sharing sensitive information with a stranger.
Make the environment work for you.
Controlling the environment is one of the most important aspects of physical security, and it should be the same in digital security. Be aware of your surroundings: each endpoint and the information stored on it, servers, the connection channels between them, internal networks and how they let external data flow in, DMZs, firewalls and routers, external networks and failure points, points of connection to the internet, ISPs, and backups (internal and off-site). By gaining a deep understanding of your environment and regularly running assessments and penetration tests, you can quickly spot even subtle changes and identify potential or active threats with precision. A well-secured environment, supported by robust protective measures, makes it much harder for an attacker to operate effectively inside your systems.
Red Team yourself.
Put yourself in the attacker's shoes. If you had to breach your own perimeter, knowing your defenses, how would you do it? If you can find a flaw, so can an attacker. Regularly test your defenses: settings, configurations, detection tools and more. Divide your security into sections like a grid and methodically check each one, starting from the outermost layers and moving inward. Once done, reverse the process: test from the inside out, simulating how an attacker would locate and extract sensitive data.
Change your habits.
Habits work against you: an attacker can build and plan an attack around them. If you use a specific personal firewall or software version, consider switching with the next install. If your IP addresses follow a pattern that distinguishes internet-facing servers from internal ones, or are assigned in a way that tells an attacker which machines are likely to hold sensitive data, change it. Change the patterns, and change the way you connect servers and other network elements.
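One way to check whether an addressing scheme leaks roles, as an added example that is not part of the original post: the script below takes an inventory of hosts with their role (constructed here for illustration, not a real network) and flags roles whose addresses cluster into a block much narrower than the network as a whole, or that always share the same host octet. Either pattern lets an attacker who learns one address guess the rest. The function and threshold names are assumptions for this example.

```python
"""Heuristic check for IP addressing schemes that reveal host roles.

Added example: the inventory is constructed for illustration, and the
functions below are not from any project discussed on the page.
"""
from collections import defaultdict
from ipaddress import IPv4Address, IPv4Network

# Constructed sample inventory: (hostname, address, role). Hypothetical data.
INVENTORY = [
    ("web01", "10.1.10.1", "web"),
    ("web02", "10.1.10.2", "web"),
    ("web03", "10.1.10.3", "web"),
    ("db01", "10.1.20.1", "db"),
    ("db02", "10.1.20.2", "db"),
    ("app01", "10.1.10.50", "app"),
    ("app02", "10.1.20.50", "app"),
    ("app03", "10.1.30.50", "app"),
]


def common_prefix_len(addrs):
    """Length in bits of the longest prefix shared by all addresses."""
    ints = [int(IPv4Address(a)) for a in addrs]
    if len(ints) < 2:
        return 32
    diff = 0
    for v in ints[1:]:
        diff |= ints[0] ^ v  # bits that differ anywhere in the set
    return 32 - diff.bit_length()


def role_leaks(inventory, min_gap=4):
    """Roles whose addresses share a prefix at least `min_gap` bits longer
    than the prefix shared by the whole inventory. Such a role lives in its
    own tidy block and is guessable from the address alone. Returns a dict
    of role -> enclosing network in CIDR form."""
    base = common_prefix_len([addr for _, addr, _ in inventory])
    by_role = defaultdict(list)
    for _, addr, role in inventory:
        by_role[role].append(addr)
    leaks = {}
    for role, addrs in by_role.items():
        if len(addrs) < 2:
            continue  # a single host cannot form a pattern
        plen = common_prefix_len(addrs)
        if plen - base >= min_gap:
            mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
            net_int = int(IPv4Address(addrs[0])) & mask
            leaks[role] = str(IPv4Network(f"{IPv4Address(net_int)}/{plen}"))
    return leaks


def fixed_host_octet(inventory):
    """Roles (with two or more hosts) whose addresses always end in the same
    host octet, e.g. '.50 is always an app server'."""
    by_role = defaultdict(set)
    counts = defaultdict(int)
    for _, addr, role in inventory:
        by_role[role].add(int(IPv4Address(addr)) & 0xFF)
        counts[role] += 1
    return {r for r, octets in by_role.items()
            if counts[r] >= 2 and len(octets) == 1}


if __name__ == "__main__":
    for role, net in role_leaks(INVENTORY).items():
        print(f"role '{role}' is confined to {net}: guessable from the address")
    for role in fixed_host_octet(INVENTORY):
        print(f"role '{role}' always uses the same host octet")
```

On the constructed inventory the web and db roles each sit in their own /30 while the network as a whole spans a /19, so both are flagged; the app servers are spread across subnets but always take host number .50, which the second check catches. Neither check replaces a real assessment; they only make the kind of habit the paragraph warns about visible in an inventory you already have.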
Improvise, adapt and overcome.
Be aware of new threats and trends, adapt to them, prepare your defenses and overcome possible weak points. Have a plan, however imperfect it may be. Work towards standard operating procedures that are semi-open-ended, so you can adapt them to the situation on the ground.
"Security is nigh near impossible. It’s extremely difficult to stop a determined adversary. Often the best you can do is discourage him, and maybe minimize the consequences when he does attack, and/or maximize your organization’s ability to bounce back (resiliency)."