In a number of recent attacks (HAFNIUM, the Colonial Pipeline attack, the SolarWinds attack last year) we keep seeing the endpoint come out as the point of weakness for many security organizations.
Knowing this, how should you prepare your organization for success? Well... in a lot of ways not much has changed. These threat vectors (zero-day attacks, supply-chain attacks, and ransomware attacks) have existed for years now. None of these were new types of attacks, even if they were more specifically tailored to the current threat landscape and security technologies of today. This means that in a lot of ways... these attacks were preventable.
That isn't a conversation you want to be having with your stockholders, your customers, or your bank when you get hit by an attack that could have been stopped with precautions and technologies available commercially today.
That isn't to say that these attacks were easy to catch, or that they weren't extremely sophisticated in their execution. They were. The issue is that many of the solutions to the areas of weakness these attacks cover tend to be a combination of several factors:
End user awareness - If your end users are trained on what is and is not an acceptable security practice, half of the problem goes away. A strong security culture can head off many of the phishing and drive-by attacks that are typical components of a concerted attack by a malicious actor.
Security Threat Response - This is where MDR solutions, or a strong security response policy, can make a difference. Creating a process for handling new applications being allowed access in your environment, analyzing their permissions, and weighing the points of weakness and the pros and cons of allowing or blocking each application are all key to protecting against these threats.
Remediation Practices - How do you remediate problems? Do you check your backups? Do you test your security policy and practices? How do you audit yourself? You test new patches, new systems, and new employees - do you test your security? Sometimes you just need to kick the tires of your security technologies to make sure they are performing up to standard.
I find myself saying the same thing regarding many of these security threats on a regular basis: what many security threats come down to isn't the hottest technology, or the most money spent... but the money spent most efficiently, and the best practices that account for human error and technology failure.
Plan for success, but also have a plan for when things fail. If you have a strong plan in place to account for security failures at different points of your security architecture, your organization won't be overwhelmed by a dedicated attacker when they manage to penetrate a layer of your security precautions.