Cybersecurity is a major challenge because hackers are always looking for new methods to attack and exploit system vulnerabilities. Cybersecurity threats and risks have increased in recent years due to the growing number of connected devices and networks. This has led to the development of new cyberattack patterns, such as ransomware, data breaches, and advanced persistent threats (APTs). Consequently, defending against such complicated attacks requires staying up to date with the latest system vulnerabilities and weaknesses in order to set a proper cybersecurity defense strategy. This paper proposes a defense strategy for the presented security threats by determining and prioritizing which security controls to put in place, combining the MITRE ATT&CK framework with multi-criteria decision-making (MCDM) techniques. This approach helps organizations achieve a more robust and resilient cybersecurity posture.