Government agencies and enterprises alike invest heavily in network security by implementing the appropriate processes, hiring appropriately trained staff, and procuring the appropriate technology. Despite all this, they all quietly admit that they expect to suffer network breaches in the face of continued cyber attacks. So what else can they do to protect their organizations?
According to Joshua Knust, Cyber Threat Specialist, Office of The Director, National Institutes of Health, mounting a truly successful network defense requires another step: making the effort to understand your adversary.
Knust spoke at Guidance Software’s Federal Summit held in Arlington, VA earlier this month. The theme of the one-day thought-leadership event was “a focus on data visibility,” and it brought together top federal agency officials in charge of cyber security, e-discovery and digital investigations to discuss how they locate, manage and secure data in order to ensure compliance, reduce risk and secure organization assets.
Knust argued that the primary object of daily security operations should be to gather actionable information on attackers based on previous breaches and to use such information to help focus the security resources on the most valuable and highly targeted problem areas.
One way to attempt to understand the mind of the attacker is to identify, with the help of incident response technology, the types of files that were targeted or stolen, as such information may provide insights into the motives of the attacker. Incident response and forensic investigations technology provides another way to learn more about the adversary’s motives: tracking the virtual path the attacker took across different network assets and correlating that information against previous breaches.
However, despite all the intelligence security staff can gather about the attackers’ motives, Knust offered one key warning: security starts with an organization’s employees, and as long as they fall victim to phishing attacks, breaches will continue to be a major issue. Thus, empowering employees through frequent and rigorous education on how to detect such phishing attacks plays a very important role in that organization’s defense against cyber attackers.
Knust summarized by saying that creating a well-thought-out plan, implementing innovative security measures, and understanding how adversaries think provide a good combination of proactive defenses against network attacks. While not all intrusions can be prevented, cyber response and digital investigations technology provide critical insights into how the adversary works so that future attacks can be effectively repulsed.