Decoding Cyber Threats in Education: A Deep Dive into TTPs using MITRE ATT&CK
Introduction (5 minutes)
- Welcome and introduction to the topic, emphasizing the critical role of cybersecurity in protecting educational institutions.
- Brief overview of the MITRE ATT&CK framework and its significance in understanding cyber threats.
The Evolution of Cyber Threats in Education (5 minutes)
- Discussion on the rise of cyber threats targeting the educational sector, highlighting recent incidents and their impact.
- Explanation of why educational institutions are attractive targets for cybercriminals, focusing on the wealth of personal and financial data they hold.
Unpacking TTPs with MITRE ATT&CK (10 minutes)
- Detailed explanation of the MITRE ATT&CK framework, its components (tactics, techniques, and procedures), and how it helps in understanding adversary behaviour.
- Live demonstration of navigating the MITRE ATT&CK matrix, showcasing how to identify and analyse TTPs relevant to the educational sector.
- Case study: Mapping a recent cyber-attack on an educational institution to the MITRE ATT&CK framework to illustrate the practical application of the framework.
Operationalising MITRE ATT&CK for Threat Hunting (5 minutes)
- Discussion on how security teams can operationalise the MITRE ATT&CK framework for proactive threat hunting and defence.
- Highlighting the roles of threat intelligence teams and of red, blue, and purple teams in utilising the framework effectively.
Bridging the Gap: From Identification to Mitigation (5 minutes)
- Exploring how vulnerability scanning and penetration testing complement the use of MITRE ATT&CK in identifying security gaps.
- Strategies for translating identified TTPs into actionable mitigation plans, including policy updates, technological enhancements, and staff training.
Conclusion and Interactive Q&A (5 minutes)
- Recap of key points: the importance of understanding TTPs, the utility of the MITRE ATT&CK framework, and the path towards enhanced cybersecurity in education.
- Opening the floor for questions and encouraging attendees to explore the MITRE ATT&CK framework further.
Q&A Session (5 minutes)
- Addressing audience queries, providing clarifications, and discussing potential applications of the presented concepts.