Mitigation, or Attack Mitigation, is the reduction in severity or seriousness of an event. In cybersecurity, mitigation is centered around strategies to limit the impact of a threat against data in custody.
Threats against data can come from outside attackers motivated by profit, activism, retribution, or mischief. Insider threats may have the same motives but could be tied to workplace issues resulting in people abusing their access privileges to inflict harm. In either case, it is the responsibility of a data owner to protect data from misuse, disclosure, theft, unauthorized exposure, wrongful transmission, and so on while still making the data useful and available to conduct business. To that end, a mitigation strategy should be strict in accordance with risk appetites and realistic enough to allow for the licit use of the data by those authorized.
Mitigation strategies are used by many companies and public-sector entities to isolate and minimize the damage or impact of a threat until a problem can be counter-measured. As such, these strategies vary however theNational Security Agency (NSA) of the US Government utilizes a list of its Top 10 Cybersecurity Mitigation Strategies:
- Update and Upgrade Software Immediately
- Defend Privileges and Accounts
- Enforce Signed Software Execution Policies
- Exercise a System Recovery Plan
- Actively Manage Systems and Configurations
- Continuously Hunt for Network Intrusions
- Leverage Modern Hardware Security Features
- Segregate Networks Using Application-Aware Defenses
- Integrate Threat Reputation Services
- Transition to Multi-Factor Authentication
"Even though the government's systems were breached, the mitigation strategy in place prevented additional security incidents while appropriate countermeasures were implemented to answer the question of how to defend against future similar attacks."