Rarely a week passes by without news of another company being breached, a ransomware attack crippling critical infrastructure, or a data loss event costing millions of people their privacy. On the other hand, these same organizations are trying as hard as they can to safeguard their customers, their data and their reputations. So what is missing? Is it a gap in technology? Is it about strengthening policies and procedures? Is it simply “the cost of doing business” – an inevitable outcome of the way we work and trade today?
In this post, I will share a few of the main reasons why we are where we are, and provide some simple steps for enterprises to take to change this paradigm.
There are a vast number of threats and threat actors out there, and their numbers are only growing. This expansion reflects a number of major technological shifts in recent years that have contributed to the changing threat landscape.
Vulnerability hunting has hit the big time in recent years, thanks in large part to the popularity of bug bounty programs and “hacker” platforms that reward researchers and share knowledge. This is not only a good thing, it’s undoubtedly a necessary thing.
However, the flipside of better vulnerability reporting is faster time to exploitation, as threat actors rapidly jump on research publications and look for victims that have failed or are unable to patch. Exploited vulnerabilities can cause serious damage to all organizations, including those running our critical infrastructure.
Phasing out unpatchable technology and obtaining visibility across the entire digital estate are imperatives. Until then, the net result is that the bar for breaching unwary organizations will keep getting lower.
Users and identity represent the new cybersecurity frontier as the world of work moves away from the office to remote or location-independent working. As long as users are connected, they remain part of your network, whether they are in the next office or on the other side of the world.
The new reality of a distributed workforce increases the risk to enterprises as attackers shift to targeting end users and endpoints, compromising credentials and authentication methods at any point along the supply chain.
Take, for example, the recent highly-publicized activities of the Lapsus$ hacker group, which among other things compromised Okta’s systems by gaining remote access to a machine belonging to an employee of Sitel, a company subcontracted to provide customer service functions for Okta.
The new kids on the block are your cloud assets. While businesses grow rapidly by scaling up their offerings in the cloud, this makes it harder for security teams and defenses to stay on top of the resulting risk. The security implications of AWS, Azure or other cloud assets are difficult to grasp for many businesses, even those with large SOCs.
From cloud misconfigurations to compromise through vulnerable services – think Log4j – protecting cloud workloads can be a challenging task, particularly when they are spread across public clouds, private clouds and on-prem data centers.
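One of the misconfigurations mentioned above is a storage bucket policy that grants access to any principal. The following is an added example, not code from the original post or from any vendor's product: a small checker that walks an S3-style bucket policy and reports Allow statements whose principal is the whole world, treating a Condition block as mitigating rather than clearing. The policy document is constructed for illustration; the account id and bucket name are placeholders.

```python
"""Flag public-access statements in an S3-style bucket policy.

Added example (not from the original post). The policy document below is
constructed for illustration; the logic mirrors what cloud posture tools
look for: Allow statements whose Principal is anyone and which carry no
Condition narrowing who can actually use the grant.
"""
import json

# Constructed sample: one classic "anyone can read" statement, one scoped to a
# single role (fine), and one world-readable but limited to an organisation.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-bucket/*", "arn:aws:s3:::example-bucket"],
        },
        {
            "Sid": "AppRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
        },
        {
            "Sid": "PublicWithCondition",
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
            "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorg"}},
        },
    ],
})


def _as_list(value):
    """Policy elements may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def principal_is_anyone(principal) -> bool:
    """True when the Principal element grants to the whole world."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        if aws is not None and "*" in _as_list(aws):
            return True
    return False


def find_public_statements(policy_json: str) -> list[dict]:
    """Return findings for Allow statements open to any principal.

    A Condition block may scope the grant (to an org, VPC or source IP), so
    such statements are reported at lower severity rather than dropped: a
    reviewer still has to read the condition to confirm it is restrictive.
    """
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not principal_is_anyone(stmt.get("Principal")):
            continue
        severity = "medium" if stmt.get("Condition") else "high"
        findings.append({
            "sid": stmt.get("Sid", "<no Sid>"),
            "actions": _as_list(stmt.get("Action", [])),
            "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for f in find_public_statements(SAMPLE_POLICY):
        print(f"[{f['severity']}] {f['sid']}: {', '.join(f['actions'])}")
```

Run against the sample, the checker reports `PublicRead` as high and `PublicWithCondition` as medium, and stays silent on the role-scoped statement. The same shape of check applies to any resource policy that uses Effect/Principal/Condition, which is why posture tools evaluate policies rather than trusting bucket-level flags alone.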
‘Smart devices’ that are connected to the internet have increased the attack surface for organizations. From networked printers to security cameras, anything connected to the public internet can serve as a backdoor into your organization.
The increased risk from IoT devices stems from unchanged default passwords, outdated firmware with known exploitable vulnerabilities, and the lack of network discovery in many IT and security teams. As threat actors scan networks with automated tools for any sign of weakness, administrators similarly need automated tools that can identify and protect any device as soon as it is plugged into the network.
The increasing use of unprotected or insecure smart devices has given attackers an easy way into networks: a beachhead from which they launch attacks to steal information or commit fraud through ransomware or other techniques.
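The discovery gap described above is partly a data problem: the DHCP server already sees every device that joins the LAN. As an added example (not code from the original post or any product it alludes to), the script below turns DHCP acknowledgement lines into a device list and audits it against an asset inventory, flagging devices nobody registered and known devices whose recorded firmware is below the team's accepted floor. The log lines follow dnsmasq's DHCPACK format but are constructed; the inventory, MACs, hostnames and firmware baselines are likewise constructed placeholders.

```python
"""Discover devices from DHCP logs and audit them against an asset inventory.

Added example, not code from the original post. The log lines, inventory and
firmware baselines are constructed for illustration; the log format follows
dnsmasq's DHCPACK lines but is a sample, not captured data.
"""
import re
from dataclasses import dataclass

# Constructed sample log: three devices, one of which nobody registered.
SAMPLE_LOG = """\
Mar  3 09:12:01 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 10.0.5.21 aa:bb:cc:00:00:01 lobby-printer
Mar  3 09:12:07 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 10.0.5.40 aa:bb:cc:00:00:02 cam-east
Mar  3 09:13:44 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 10.0.5.77 de:ad:be:ef:00:07 ESP_0A1B2C
Mar  3 09:14:00 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 10.0.5.21 aa:bb:cc:00:00:01 lobby-printer
"""

# Constructed inventory, keyed by MAC: what the team believes is on the LAN.
INVENTORY = {
    "aa:bb:cc:00:00:01": {"name": "lobby-printer", "class": "printer", "firmware": "2.3.1"},
    "aa:bb:cc:00:00:02": {"name": "cam-east", "class": "camera", "firmware": "1.9.0"},
}

# Constructed baseline: the lowest firmware the team accepts per device class.
MIN_FIRMWARE = {"printer": "2.4.0", "camera": "1.8.2"}

# Matches "DHCPACK(iface) <ip> <mac> [hostname]"; hostname is optional because
# not every client sends one.
DHCPACK_RE = re.compile(
    r"DHCPACK\(\S+\) (?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?: (?P<host>\S+))?"
)


@dataclass(frozen=True)
class Lease:
    ip: str
    mac: str
    hostname: str


def parse_leases(log_text: str) -> list[Lease]:
    """Extract one Lease per unique MAC from DHCPACK lines (latest lease wins)."""
    seen: dict[str, Lease] = {}
    for line in log_text.splitlines():
        m = DHCPACK_RE.search(line)
        if m:
            seen[m["mac"]] = Lease(m["ip"], m["mac"], m["host"] or "")
    return list(seen.values())


def version_tuple(v: str) -> tuple[int, ...]:
    """Compare dotted versions numerically so 2.10.0 sorts after 2.9.9."""
    return tuple(int(p) for p in v.split("."))


def audit(leases: list[Lease], inventory: dict, min_fw: dict) -> list[str]:
    """Flag devices missing from inventory or below the firmware baseline."""
    findings = []
    for lease in leases:
        asset = inventory.get(lease.mac)
        if asset is None:
            findings.append(f"UNKNOWN {lease.mac} {lease.ip} host={lease.hostname or '?'}")
            continue
        floor = min_fw.get(asset["class"])
        if floor and version_tuple(asset["firmware"]) < version_tuple(floor):
            findings.append(f"OUTDATED {asset['name']} fw={asset['firmware']} min={floor}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_leases(SAMPLE_LOG), INVENTORY, MIN_FIRMWARE):
        print(finding)
```

On the sample it reports the lobby printer as below the accepted firmware floor and the unregistered `de:ad:be:ef:00:07` device as unknown. In practice the audit runs on a schedule or on each new lease, and an "unknown" finding feeds the same queue as any other alert: the point is that a device can no longer sit on the network without someone being told it exists.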