Page 4 Test
Immediate System Lockdown
This option involves shutting down critical parts of the trading system to prevent further unauthorized access. The lockdown would be targeted at systems identified as compromised or at high risk. The implementation time is 1 hour and the technical risk is low to moderate.
Advantages
- prevents any further unauthorized transactions or data exfiltration assuming the APT have not already engineered an egress path out of your control
- limits the spread of the attack within the network
Disadvantages
- may cause significant disruption to trading activities, potentially affecting market stability
- risks financial losses due to halted trading operations
Selective Network Segmentation
This strategy involves isolating sections of the network that are believed to be compromised, allowing parts of the system to continue operating while affected areas are dealt with. The implementation time is 2-3 hours and the technical risk is moderate, due to the need for precise network mapping and execution.
Advantages
- minimizes disruption to the overall trading system while addressing security breaches
- enhances the ability to monitor and contain the threat within segmented areas
Disadvantages
- complex to implement quickly; requires detailed knowledge of network architecture
- may not completely isolate the threat if lateral movement of the APT is not fully understood
Enhanced Real-Time Monitoring
Your approach is to upgrade system monitoring tools and protocols to detect unusual activities more efficiently and effectively, focusing on the most critical areas of the network and trading systems. The implementation time is 2 days and the technical risk is moderate to high to achieve the desired level of efficacy and using a streamlined deployment and systems integration approach.
Advantages
- increases the likelihood of detecting new threats or unusual patterns as they occur
- provides continuous data that can aid in swift response and future threat prevention
Disadvantages
- resource-intensive, requiring significant computational power and specialized personnel
- may generate false positives leading to unnecessary alarms and resource usage
Strategic Decoy Systems
This strategy involves setting up decoy servers or databases (i.e. honeypots) to mislead attackers into targeting non-critical system parts, thereby protecting valuable data and gathering intelligence on their methods. The implementation time is 2-3 days and the technical risk is high, due to the complexity of creating convincing decoys that are effective against sophisticated threats.
Advantages
- provides actionable intelligence on adversary methods, enhancing security measures
- can distract attackers from genuine targets, reducing risk to critical assets
Disadvantages
- requires resources to set up and maintain, potentially diverting attention from other critical security efforts
- only a temporary solution; does not eliminate the threat
Zero Trust Architecture
This option involves transitioning the LSE’s cybersecurity framework to a Zero Trust model, where no entity inside or outside the network is trusted by default. All access requests are verified rigorously before granting access, ensuring that security is maintained through continuous validation of both credentials and device health. The implementation will take place incrementally over 3-6 months and the technical risk is assessed moderate to high due to the comprehensive changes required in both infrastructure and operational procedures.
Advantages
- Zero Trust minimizes unauthorized access by requiring continuous verification for all access attempts.
- Effectively adapts to evolving cyber threats and integrates new security technologies effectively.
Disadvantages
- An implementation requiring extensive changes to network and security policies, making it complex and time-consuming.
- Transitioning to Zero Trust can disrupt employee workflows and system access during implementation.
AI-Enabled Threat Hunting
This approach leverages a combination of advanced threat hunting by cybersecurity experts and AI-driven automated defence systems to detect, respond, and neutralize threats in real time. Threat hunters use AI-enhanced tools to conduct deep investigations into potential malicious activity while automated defense mechanisms respond to and contain threats as they are identified.
Advantages:
- proactive detection by actively hunting for threats, identifying and neutralizing malicious actors before significant damage is done.
- automated response with AI systems can contain and respond to threats instantly, minimizing delay and human error
Disadvantages:
- complex integration requires sophisticated integration between AI tools and human operations, which can be resource-intensive
- potential for false positives with automated systems, necessitating manual oversight and intervention.