The Moscow Rules in the Cyberspace
Doing the basics is a given when you defend your assets: updating your computers, staying on the latest versions, dynamic network zones, incident response, identity management, monitoring, and so on. Last but not least (or probably first 🙂) is to know your assets and have your data classified, so that you understand which part of your business needs which level of protection.
That's the basic stuff, which almost all companies do at different levels of maturity. But what about intelligence? What about leveraging sources outside your company (and combining them with information inside your company) to be able to look at least a tiny little bit into the future? This rarely happens or – better – I have not seen too many organizations really doing that intensively and successfully. Additionally, there is the question of how to behave if you are going to set something like that up. We are all used to working in a defensive mode, but not necessarily in intelligence.
Back during the Cold War, the US had some rules for how to move behind enemy lines as a spy. These rules were called the Moscow Rules. If you look at them, they can really and simply be applied to cyberspace as well. Read for yourself. It is worth thinking about them, and then thinking about how we can start to predict attacks: Moscow Rules: The original protocol for operating in the presence of adversaries can be applied to cyber defense