Designing for Failure: Security Architecture that Assumes Breach

Category: Blockchain Security

POSTED BY: Rob Behnke

08.06.2025

The cyber threat landscape is constantly evolving due to numerous factors. As threat actors grow more practiced, they develop more sophisticated attacks. The rise of artificial intelligence (AI) also makes it easier to perform various attacks and scale cybercrime operations.

As a result, companies are continuously targeted by sophisticated cyberattacks. Eventually, a sufficiently determined attacker will find a gap in an organization’s defenses that they can exploit to gain access.

For this reason, the best approach to securing the business against cyberattacks is “assuming breach.” Operating from this assumption, the organization can develop security processes and tools that allow it to manage its risk exposure even if an attacker is present in their network.

Key Elements of an “Assume Breach” Security Architecture

The “assume breach” security mindset is based on the belief that an attacker is already within an organization’s systems and that the company needs to respond to and recover from that presence. Some elements of a security architecture designed to address this include:

  • Defense in Depth: The principle of defense in depth says that an organization should have multiple methods of detecting or preventing a particular threat. This way, if the first line of defense is breached, the company still has a means of identifying and managing an intrusion.

  • Zero Trust: The Zero Trust security model removes the implicit trust of the traditional “castle and moat” approach to defense, where the perimeter is defended and all insiders are assumed to be legitimate. With Zero Trust, all access requests are independently validated, regardless of whether they originated inside or outside of the organization.

  • Segmentation and Containment: In addition to a perimeter firewall, an organization should also implement network segmentation or microsegmentation, breaking the network into multiple, isolated segments. This provides internal visibility, defends against lateral movement by threats, and is essential to implement Zero Trust.

  • Continuous Monitoring: Cyberattacks can happen at any time, and an organization needs to be prepared to identify and respond promptly to minimize damage. Continuous monitoring enables incident detection and response in real time.

Assuming Breach in Web2 and Web3 Environments

Many crypto projects span both the Web2 and Web3 spaces. In addition to smart contracts, teams also have backend systems, infrastructure, and processes that can be targeted by an attacker.

When designing breach-resilient security programs, it’s essential to implement security best practices for Web2 and Web3 alike.

Key elements of a Web2 security strategy include:

  • Access Control: Web2 environments can contain many key elements of an organization’s infrastructure, such as development environments, credential storage, and sensitive internal documentation. These environments should implement network segmentation and strong access controls.

  • Least Privilege Access: Excessive permissions are a common security risk since an attacker with access to a highly privileged account can abuse its access to cause harm to a project. Users, apps, and devices should be assigned permissions in accordance with the principle of least privilege, which states that they should have the minimum access required for their role.

  • Logging and Monitoring: Lack of security visibility can allow an attacker to access and move through an organization’s environment without detection. Robust logging and auditing of user activities provide the data needed to identify and respond to potential intrusions.

  • Automated Incident Response: Cyberattacks can be executed very quickly, and the immutable nature of the blockchain makes prevention and rapid response essential for risk management. Automating incident response processes gives the project the chance to neutralize a threat before an attack can be carried out.
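The logging and monitoring point above is only useful if someone actually runs detection logic over the collected data. The following is an added example, not code from the original post or from Halborn: it parses a handful of constructed authentication log lines (the format, hosts, users and thresholds are all assumptions made for the example) and flags any account that successfully authenticates to an unusually large number of distinct hosts within a short window, a simple indicator of the lateral movement the passage describes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a simple key=value format (not real data).
# alice fans out to five hosts in under a minute; bob uses two hosts 85 minutes apart.
SAMPLE_LOGS = """\
2025-08-06T10:00:01Z host=web-01 event=auth_success user=alice src=10.0.1.5
2025-08-06T10:00:09Z host=web-02 event=auth_success user=alice src=10.0.1.5
2025-08-06T10:00:20Z host=db-01 event=auth_success user=alice src=10.0.1.5
2025-08-06T10:00:31Z host=build-01 event=auth_success user=alice src=10.0.1.5
2025-08-06T10:00:44Z host=vault-01 event=auth_success user=alice src=10.0.1.5
2025-08-06T10:05:00Z host=web-01 event=auth_success user=bob src=10.0.2.9
2025-08-06T11:30:00Z host=web-02 event=auth_success user=bob src=10.0.2.9
2025-08-06T10:01:00Z host=db-01 event=auth_failure user=carol src=10.0.3.3
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\S+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def parse_logs(text):
    """Parse a block of log text, silently skipping malformed lines."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def detect_host_fanout(records, window=timedelta(minutes=5), threshold=4):
    """Return {user: sorted hosts} for users who successfully authenticated to at
    least `threshold` distinct hosts inside any sliding `window`.

    Only auth_success events count: failed attempts are a different signal."""
    by_user = defaultdict(list)
    for r in records:
        if r["event"] == "auth_success":
            by_user[r["user"]].append((r["ts"], r["host"]))

    alerts = {}
    for user, events in by_user.items():
        events.sort()  # logs may arrive out of order; sort by timestamp
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            hosts = {host for _, host in events[start:end + 1]}
            if len(hosts) >= threshold and len(hosts) > len(alerts.get(user, ())):
                alerts[user] = sorted(hosts)
    return alerts


if __name__ == "__main__":
    for user, hosts in detect_host_fanout(parse_logs(SAMPLE_LOGS)).items():
        print(f"ALERT: {user} reached {len(hosts)} hosts within 5 minutes: {hosts}")
```

The window and threshold are deliberately parameters: a build account that legitimately touches dozens of hosts needs a different baseline from a human user, and the point of the logging investment is that such baselines can be derived from real history rather than guessed.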


Web3 faces its own unique security risks that must be addressed. Some key elements of a breach-resistant Web3 security program include:

  • Upgradeable Smart Contracts: Blockchain immutability means that smart contracts can’t be changed after they’re launched, even if something goes wrong. Implementing smart contracts to be upgradeable using proxy contracts allows the organization to make necessary changes in the event of a breach.

  • Multi-Sig or MPC Wallets: Compromised private keys are a common attack vector in DeFi hacks because they allow the attacker to perform transactions using the compromised account, stealing crypto and abusing permissions. Multi-sig and MPC wallets are essential to managing account takeover risk since they require an attacker to steal multiple keys to be successful.

  • Transaction Simulation and Validation: DeFi hackers commonly use social engineering or compromised software to carry out their attacks. For example, the Bybit hack involved a malicious version of the frontend software used to manage a multi-sig wallet. Simulating transactions before executing them helps to ensure that the actions that a user plans to take are actually what happens when the code is executed on-chain.

  • On-Chain Contract Monitoring: Smart contract hacks often take time to perform as an attacker exploits a vulnerability multiple times or drains different types of tokens from a compromised account. Real-time visibility into contract activities enables a project to identify anomalous transactions and act swiftly to minimize the cost of a breach.
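The transaction validation point above comes down to a simple rule: before a signer approves a multi-sig transaction, something independent of the frontend should decode the raw payload and compare it with what the operator believes they are approving. The following is an added example, not code from the original post or from Halborn, illustrating that check for the two most common ERC-20 calls. The function selectors are the well-known ones for `transfer(address,uint256)` and `approve(address,uint256)`; the `operation` field (0 for CALL, 1 for DELEGATECALL) follows the convention used by common multi-sig wallets and is an assumption here; all addresses and amounts are constructed.

```python
from dataclasses import dataclass

# Well-known ERC-20 selectors: first 4 bytes of keccak256 of the signature.
SELECTORS = {
    bytes.fromhex("a9059cbb"): "transfer",
    bytes.fromhex("095ea7b3"): "approve",
}
UINT256_MAX = 2**256 - 1


@dataclass(frozen=True)
class Intent:
    """What the wallet UI told the operator they are signing."""
    token: str       # contract the call is sent to
    function: str    # "transfer" or "approve"
    to: str          # recipient (transfer) or spender (approve)
    amount: int
    operation: int = 0  # assumed convention: 0 = CALL, 1 = DELEGATECALL


@dataclass(frozen=True)
class Proposed:
    """The raw transaction actually queued for signature."""
    to: str
    data: bytes
    operation: int


def encode_erc20_call(selector_hex, address, amount):
    """ABI-encode f(address,uint256): selector + left-padded address + uint256."""
    addr_word = bytes.fromhex(address[2:]).rjust(32, b"\x00")
    amt_word = amount.to_bytes(32, "big")
    return bytes.fromhex(selector_hex) + addr_word + amt_word


def decode_erc20_call(data):
    """Decode f(address,uint256) calldata into (function, address, amount)."""
    if len(data) != 4 + 64:
        raise ValueError("unexpected calldata length")
    fn = SELECTORS.get(data[:4])
    if fn is None:
        raise ValueError("unknown selector")
    addr = "0x" + data[16:36].hex()  # last 20 bytes of the first word
    amount = int.from_bytes(data[36:68], "big")
    return fn, addr, amount


def validate(intent, proposed):
    """Return a list of findings; an empty list means the payload matches the intent."""
    findings = []
    if proposed.operation != intent.operation:
        findings.append("operation is DELEGATECALL, not the displayed plain CALL")
    if proposed.to.lower() != intent.token.lower():
        findings.append("target contract differs from the displayed token")
    try:
        fn, addr, amount = decode_erc20_call(proposed.data)
    except ValueError as exc:
        findings.append(f"calldata is not a recognised ERC-20 call: {exc}")
        return findings
    if fn != intent.function:
        findings.append(f"function is {fn}, displayed {intent.function}")
    if addr.lower() != intent.to.lower():
        findings.append("recipient/spender differs from the displayed address")
    if amount != intent.amount:
        findings.append("amount differs from the displayed amount")
    if fn == "approve" and amount == UINT256_MAX:
        findings.append("unlimited approval requested")
    return findings


# Constructed addresses and amount for the example.
TOKEN = "0x" + "aa" * 20
TREASURY = "0x" + "bb" * 20
OTHER = "0x" + "cc" * 20
INTENT = Intent(token=TOKEN, function="transfer", to=TREASURY, amount=1_000 * 10**6)


def honest_proposal():
    """Payload that does exactly what the UI displayed."""
    return Proposed(TOKEN, encode_erc20_call("a9059cbb", TREASURY, INTENT.amount), 0)


def tampered_proposal():
    """Same displayed intent, but the queued payload pays a different address via DELEGATECALL."""
    return Proposed(TOKEN, encode_erc20_call("a9059cbb", OTHER, INTENT.amount), 1)


if __name__ == "__main__":
    print("honest  :", validate(INTENT, honest_proposal()) or "OK")
    print("tampered:", validate(INTENT, tampered_proposal()))
```

The check is intentionally independent of the wallet frontend: a second machine, a hardware signer with clear-signing, or a CI-style policy script can all apply it, and a non-empty finding list means the signer refuses rather than proceeds.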

Tips for Implementing “Assume Breach” Security

Implementing a security program that assumes the organization is already breached, and remains resilient under that assumption, can be difficult. Some steps to help your organization move toward this point include:

  • Red Teaming and Threat Modeling: Red teaming and threat modeling exercises examine potential threats and a project’s exposure to them. Performing these exercises regularly enables the organization to identify and close potential security gaps before an attacker can exploit them.

  • Design Playbooks That Assume Breach: Incident response processes and playbooks may be ineffective if an attacker can access or control critical systems. Designing and implementing processes that ensure security in the face of an ongoing breach enhances project security.

  • Address Specific Threats: Certain types of attacks, such as compromised keys, ransomware, or data exfiltration, are more likely to cause harm to Web3 projects. Implementing security processes and defenses against these specific incidents ensures that the organization is prepared to manage them.


Halborn has extensive security experience in the Web2 and Web3 spaces and offers advisory services designed to help projects design and implement security programs that provide protection against top threats and meet regulatory requirements. For help with ensuring that your organization can weather a security incident, get in touch with Halborn.
