In the last two years, organizations have experienced a quantum leap in digitalization, adopting a set of new technologies to facilitate remote and hybrid work. As a result, they are dealing with a more complex technology stack than ever, which introduces new vectors for cybercriminals to use.
Amid heightened cyber threats, regulators around the world, including the UK’s National Cyber Security Centre (NCSC), have advised organizations to build cyber resilience, but this task is more complicated than ever. The interconnectedness of technology allows hackers to maximize the impact of their attacks by navigating the organization’s networks in search of the most valuable assets to exploit.
It is vital that security teams begin to understand this threat. Identifying the paths of an attack can be difficult, but it is important to note that hackers invariably seek the path of least resistance to attack systems. This means using known credentials and available connections between systems, which are often already available on the network. Once an attack route has been identified, security teams should investigate and verify whether it leads to critical assets or other exposed parts of the network.
Security teams must also understand the technologies used in an organization and seek to identify vulnerabilities that can be “chained” to build a path. By scanning source code for vulnerabilities, conducting penetration tests on products and services, and working closely with the Security Operations Center (SOC) to monitor network event logs across the infrastructure, security teams can identify potential vulnerabilities and proactively monitor for malicious activity around the organization’s network.
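As an added illustration of the attack-path review described above (not code from the article or its author), this Python example models systems as a graph whose edges are the credentials, connections and vulnerabilities that link them, lists every route to a critical asset, and ranks the links that appear in the most routes. All host names and findings are constructed for the example.

```python
from collections import deque

# Constructed inventory (hypothetical hosts and findings, not from the article).
# Each edge is (source, target, enabler): what would let an attacker move that way.
EDGES = [
    ("internet", "vpn-gateway", "vuln:unpatched service (placeholder)"),
    ("internet", "mail-user-pc", "phishing"),
    ("mail-user-pc", "file-server", "cred:shared local admin"),
    ("vpn-gateway", "file-server", "conn:flat network"),
    ("file-server", "backup-server", "cred:service account reuse"),
    ("backup-server", "finance-db", "conn:backup agent"),
    ("mail-user-pc", "print-server", "conn:smb"),
]
CRITICAL = {"finance-db"}

def attack_paths(edges, start, critical, max_hops=6):
    """Enumerate loop-free paths from start to any critical asset, shortest first."""
    graph = {}
    for src, dst, how in edges:
        graph.setdefault(src, []).append((dst, how))
    paths, queue = [], deque([[(start, None)]])
    while queue:
        path = queue.popleft()
        node = path[-1][0]
        if node in critical:
            paths.append(path)      # route reaches a critical asset: record it
            continue
        if len(path) > max_hops:
            continue                # bound the search on large inventories
        visited = {n for n, _ in path}
        for dst, how in graph.get(node, []):
            if dst not in visited:
                queue.append(path + [(dst, how)])
    return paths

def choke_points(paths):
    """Rank links by how many attack paths depend on them (fix these first)."""
    counts = {}
    for path in paths:
        for (src, _), (dst, how) in zip(path, path[1:]):
            counts[(src, dst, how)] = counts.get((src, dst, how), 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    found = attack_paths(EDGES, "internet", CRITICAL)
    for p in found:
        print(" -> ".join(f"{n} [{h}]" if h else n for n, h in p))
    for edge, n in choke_points(found):
        print(n, edge)
```

In this constructed inventory both routes to `finance-db` pass through the reused service account and the backup agent connection, so removing either link closes every path at once.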
Jack Chapman, Exodus
Vulnerabilities in software are published regularly as Common Vulnerabilities and Exposures (CVEs). As attackers will begin to develop exploits for identified vulnerabilities, it is essential that security teams work at pace to identify these windows of attack before a path is formed.
For future technology adoption, it is important to anticipate risk. The first step is to ensure that when new solutions are considered, the security team is involved from the outset. Educate IT teams and users on the importance of security considerations and build processes that ensure your team has a seat at the table from day one. With the early involvement of security teams, organizations can audit new technologies for vulnerabilities before adding them to the network.
IT teams must also adopt the principle of least privilege when it comes to their set of technologies. To facilitate this more effectively, organizations may also consider adopting privileged access management (PAM) tools to control, monitor and audit permissions. In addition, secure endpoints by removing local administrator privileges and implement continuous controls to ensure that existing technology is configured correctly to reduce the risk of vulnerabilities.
Think about the paths an attacker can take through your various systems and apply multilayered security to minimize the available routes. Think of it as the Swiss cheese principle: you want to create a series of barriers. Attackers can get through one or two of them, but the more layers there are, the less likely they are to go all the way. Important elements to keep in mind are tools to prevent distributed denial-of-service (DDoS) attacks, phishing and malware, as well as data loss prevention. Also use pen testing to identify and correct vulnerabilities.
My last piece of advice to organizations, and security teams, is this: if you’re not sure, seek advice, whether it’s from your security colleagues, your technology vendor, or external cybersecurity consultants. After all, cybersecurity is a huge space and you can’t know everything. It is better to ask for help than to leave the door open for an attack. If you follow these steps, your organization can begin to make sense of its complex technology ecosystem and build its security posture.
Jack Chapman is vice president of threat intelligence at Exit.