Deterring cyber attacks should be an element of any organization’s cybersecurity strategy. Within the field of information security there are many types of security controls. The most common types of controls are physical controls, technical (or logical) controls, managerial controls and operational controls. Each of these security controls attempts to identify, prevent and deter cybersecurity intrusions into an organization’s network or digital infrastructure. These security controls are often used as elements of a robust cybersecurity policy in corporations and government organizations. Each type of control is designed to protect sensitive data in various ways from a multitude of threat actors and techniques (Tropeano, 2019).
For example, security controls such as mandatory access control result in the classification of data types based on their sensitivity. That classification is then used as a filter to determine which employees are able to access the information. This type of control can protect against unauthorized access and the subsequent data leaks that may occur from such an event. This is a preventative action that in practice deters adversarial action against an organization. Additionally, a data loss prevention (DLP) program can be used as a technical control to prevent the unauthorized transmission of sensitive information out of an organization. This is a preventative measure that can deter both inadvertent and intentional leaks of data. A captive portal or a login banner with a warning about unauthorized access can also serve as a basic deterrent. However, this is not likely to stop an advanced persistent threat from a nation-state.
When developing a cybersecurity policy for an organization, deterrence should be just one element of the strategy. The cybersecurity policy should include a layered security approach that leverages tools and techniques to identify, deter, quarantine, eradicate and reconstitute normal operations. Each of these objectives requires different tools, techniques and strategies to accomplish. At the national security level, this policy should explicitly define what is considered a cyber intrusion in order to convey clear boundaries to nations and groups that would perform adversarial action (NIST, 2019).