Attackers are increasingly adapting to security features. They now rely less on malicious programs and more on administrative tools built into operating systems, such as PowerShell, to bypass security systems. Cyber defenders need to know that attackers are increasingly breaching the perimeter of branch-office or overseas-office networks. From there they can use various methods to jump into the main network, and they use undisclosed vulnerabilities in public portals, such as resetting the password for portals. Ilyas described how cyber defenders can prevent an intrusion and minimize its impact:
1. There needs to be a mindset shift.
2. Know where there is a security risk.
3. Protecting data on the servers is not enough, because there is also data in e-mail, spreadsheets, browser passwords and session cookies.
4. Avoid single factor authentication, not just for the main VPN access, but whatever other public portals an organisation has, such as Outlook Web Access (OWA).
5. Consider advanced threat detection systems to get more context on threats.
6. Avoid burnout among cyber security administrators.
7. Pay attention to systems that have propagation capabilities.
8. Whitelisting security systems are not enough.
9. Monitor logs like you mean it, not just for compliance.
10. Invest in threat hunting programs that proactively scan for attackers' tactics, techniques and procedures. Stop the attackers before they complete the full attack.