SME Resilience Architecture

Small and medium-sized enterprises (SMEs) often face the challenge of implementing complex requirements such as ISO 27001 or the Swiss ICT Minimum Standard with limited resources.

Your Strategy

Focus on operational resilience instead of pure paper compliance. Implement "high-impact" controls such as MFA, conditional access, and automated offboarding, which provide the greatest security gain with minimal administrative effort.

Best Practices

  • Prioritization: Start with the controls that protect against 80% of the most common attacks (e.g., identity protection).
  • Pragmatism: Fully utilize the built-in features of your existing cloud platforms (e.g., Microsoft Defender / Purview).
  • Hygiene: Establish simple but consistent processes for the lifecycle of users and systems.

STRIDE-LM Design Risks

  • S-01 Spoofing / Identity Spoofing: Attacker impersonates a legitimate user or partner.
  • T-01 Tampering / Data Tampering: Unauthorized modification of shared data or configurations.
  • R-01 Repudiation / Audit Log Manipulation: Deleting or altering traces of an action.
  • I-01 Information Disclosure / Sensitive Data Exposure: Unintentional disclosure of internal information to externals.
  • D-01 Denial of Service / Resource Exhaustion: Overloading systems through massive requests or resource hogging.
  • E-01 Elevation of Privilege / Privilege Escalation: Gaining privileges beyond what is intended.
  • L-01 Lateral Movement / Lateral Movement: Accessing further internal systems after initial login.
  • M-01 Monitoring Gaps / Insufficient Logging: Missing or inadequate recording of security-relevant events.

MITRE ATT&CK® Techniques

Initial Access

  • T1566 Phishing: Delivering malicious content via electronic communication.
    Mitigated by:
    - Conditional Access Policies [Baseline Protection, Medium]; CIS: 6.1, NIST: PR.AC-7, OWASP: API2
    - FIDO2 Enforcement [Baseline Protection, Medium]; CIS: 6.5, NIST: PR.AC-7, OWASP: A07:2021

  • T1078 Valid Accounts: Exploiting existing credentials for access.
    Mitigated by:
    - Conditional Access Policies [Baseline Protection, Medium]; CIS: 6.1, NIST: PR.AC-7, OWASP: API2
    - FIDO2 Enforcement [Baseline Protection, Medium]; CIS: 6.5, NIST: PR.AC-7, OWASP: A07:2021
    - Automated Offboarding Workflow [Baseline Protection, Medium]; CIS: 6.7, NIST: PR.AC-2
    - Breached Password Detection [Baseline Protection, Low]; NIST: PR.AC-1, OWASP: A07:2021
    - Regular Access Reviews [Baseline Protection, Low]; CIS: 6.6, NIST: PR.AC-1, OWASP: A01:2021
    - Centralized Secrets Vaulting [Extended Protection, Medium]; CIS: 6.12, NIST: PR.DS-1

Persistence

  • T1098 Account Manipulation: Changing permissions or creating new accounts.
    Mitigated by:
    - Automated Offboarding Workflow [Baseline Protection, Medium]; CIS: 6.7, NIST: PR.AC-2
    - Regular Access Reviews [Baseline Protection, Low]; CIS: 6.6, NIST: PR.AC-1, OWASP: A01:2021

Credential Access

  • T1539 Steal Web Session Cookie: Capturing active session tokens to bypass authentication.
    Mitigated by:
    - Conditional Access Policies [Baseline Protection, Medium]; CIS: 6.1, NIST: PR.AC-7, OWASP: API2
    - FIDO2 Enforcement [Baseline Protection, Medium]; CIS: 6.5, NIST: PR.AC-7, OWASP: A07:2021

  • T1110 Brute Force: Attempts to gain access to accounts or API keys through systematic trial and error.
    Mitigated by:
    - FIDO2 Enforcement [Baseline Protection, Medium]; CIS: 6.5, NIST: PR.AC-7, OWASP: A07:2021
    - Breached Password Detection [Baseline Protection, Low]; NIST: PR.AC-1, OWASP: A07:2021

  • T1552 Credentials from Password Stores: Extracting passwords from web browsers or password managers.
    Mitigated by:
    - Automated Offboarding Workflow [Baseline Protection, Medium]; CIS: 6.7, NIST: PR.AC-2
    - Breached Password Detection [Baseline Protection, Low]; NIST: PR.AC-1, OWASP: A07:2021
    - Centralized Secrets Vaulting [Extended Protection, Medium]; CIS: 6.12, NIST: PR.DS-1

Exfiltration

  • T1020 Automated Exfiltration: Automated exfiltration of data via interfaces.
    Mitigated by:
    - Privacy by Design Guardrails [Baseline Protection, Medium]; CIS: 17.3, NIST: ID.AM-7

Impact

  • T1485 Data Destruction: Irretrievable deletion of company data.
    Mitigated by:
    - SIEM Integration [Extended Protection, High]; CIS: 8.5, NIST: DE.AE-3, NIST: DE.CM-1, OWASP: A09:2021
    - Incident Response Playbook (Admin Compromise) [Baseline Protection, Medium]; CIS: 17.3, CIS: 17.4, NIST: RS.MA-1, NIST: RS.AN-1, NIST: RC.RP-1
    - MFA for Deletion Operations [Extended Protection, Low]; CIS: 6.5, NIST: PR.AC-7

  • T1490 Inhibit System Recovery: Deleting backups and shadow copies to prevent system recovery.
    Mitigated by:
    - MFA for Deletion Operations [Extended Protection, Low]; CIS: 6.5, NIST: PR.AC-7

Is your scenario more complex?

AYSOLI experts support you in implementing your specific security requirements.