Time To Get Serious About Defence

Uploaded on 2023-11-08 in TECHNOLOGY--Resilience, FREE TO VIEW

When we think of the modern attack surface it is a mix of on-premises and multiple cloud systems, numerous identity and privilege management tools and multiple web-facing assets. The challenge with complexity is that it affords numerous opportunities for misconfigurations and overlooked assets. And threat actors are taking full advantage of the blindspots. 

A commissioned study of 100 U.K. based cybersecurity and IT leaders, conducted in 2023 by Forrester Consulting on behalf of Tenable, found that the average organisation was able to prevent 52% of the cyberattacks they encountered in the last two years. However, having only this much coverage left them vulnerable to 48% of the attacks faced, with security teams forced to focus time and efforts reactively mitigating rather than preventing attacks. Looking at what’s holding the teams back from switching focus, it was evident that time is not on their side.

Six in 10 respondents (60%) say the cybersecurity team is too busy fighting critical incidents to take a preventive approach to reducing their organisation’s exposure.

Consider the large percentage of successful ransomware attacks in the UK this year alone. Capita, an outsourcing company that runs crucial services for local councils, the military and the NHS, had its systems infiltrated by a ransomware gang with customer data exfiltrated. Royal Mail held its hands up, finding itself unable to process international deliveries in addition to its data held to ransom. Barts Health NHS trust, Greater Manchester Police and more all disclosed that they’d been impacted by ransomware. The days of old where threat actors were indiscriminately encrypted systems for a fraction of a bitcoin are over as today’s cyber criminals will cripple operations and negotiate a sizable fee for the return to normal.

Once sensitive data has been stolen in an attack the confidence of confidentiality is lost forever - you can’t put the data genie back in the bottle - that’s why a proactive approach is so important.

Attack Paths

When it comes to cyberattacks, what we know is that threat actors’ attack methodology is not advanced or even unique but opportunistic. Attackers see many ways in and multiple paths through environments to do damage and monetise their nefarious efforts. When evaluating an organisation’s attack surface, they're probing for the right combination of vulnerabilities, misconfigurations and identity privileges. They’re looking for an open window to crawl through.  In the majority of instances it is a known vulnerability that allows threat actors an entry point to the organisation’s infrastructure. Having gained entry threat actors will then look to exploit misconfigurations in Active Directory to gain privilege and further infiltrate the organisation to steal data, encrypt systems or cause other business impacting outcomes.

Protecting everything is soul destroying given it's practically an impossible task. Similarly, organisations are well beyond the point where vulnerability management can be performed in a vacuum. Alone, it only tells part of the story. By focusing resources on the vulnerabilities that are likely to be exploited and understanding how attackers chain multiple flaws together, security teams can design more complete strategies for reducing their overall risk and exposure. 

Prevention Is Better Than Cure

Preventive cybersecurity requires the ability to assess and prioritise vulnerabilities and misconfigurations in context, wherever they reside, alongside user data, asset value and awareness of likely attack paths so that IT and cybersecurity employees can make the right decisions about which systems or classes of users and assets to remediate first. 

Built on the foundations of risk-based vulnerability management, exposure management takes a broader view across the modern attack surface, applying both technical and business context to more precisely identify and more accurately communicate cyber risk, enabling better business decisions.

An exposure management program provides additional context - such as who is using the system, what they have access to, how it's configured, etc. Understanding attacker behaviour helps inform security programs and prioritise security efforts to focus on areas of greatest risk and disrupt attack paths, ultimately reducing exposure to cyber incidents.

Organisations that can anticipate cyber attacks and communicate those risks for decision support, will be the ones best positioned to defend against emerging threats.

Implementing an exposure management program enables security professionals to better allocate time and resources so they can focus on taking the preventive actions that legitimately reduce an organization's cyber risk. 

Gavin Millard is Deputy CTO at Tenable

Image: Rodion Kutsaiev

You Might Also Read: 

Senior Managers Need Higher Cyber Security Awareness Than Other Employees:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Major Outage: British Library Suffers A Cyber Attack
Securing Kubernetes Helm: Vulnerabilities & Defensive Strategies »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cysec Resource Co (CRC)

Cysec Resource Co (CRC)

We offer expertise in information and cyber security, sourcing individuals and teams who provide information security expertise to the public and private sector.

CSIRT.CZ

CSIRT.CZ

CSIRT.CZ is the National Computer Security Incident Response Team of the Czech Republic.

Konfidas

Konfidas

Konfidas provide high-level cybersecurity consulting and professional tailored solutions to meet specific cybersecurity operational needs.

Cybercrowd

Cybercrowd

Cybercrowd is a cyber security specialist offering technical services, cyber security assessments, guidance and security thought leadership.

Somansa

Somansa

Somansa is a global leader in Data Security and Compliance solutions designed to protect valuable company information from leakage and help meet regulatory compliance requirements.

SteelCloud

SteelCloud

SteelCloud has spent the last decade inventing technology to automate policy compliance, configuration control, and Cloud security.

Cybero

Cybero

Cybero offers professional corporate cybersecurity training tailored to your business requirements.

Advisera 27001Academy

Advisera 27001Academy

Advisera is a market leader in providing documentation and online support for the implementation of business standards including ISO 27001, ISO 22301 and EU GDPR.

DarkLight

DarkLight

DarkLight is a cybersecurity platform that mimics human thinking at scale to build resiliency to Advanced Persistent Threats.

Prosperoware

Prosperoware

Prosperoware develop software for cybersecurity, privacy, and regulatory compliance for content systems, and financial matter management.

Outsource Group

Outsource Group

Outsource Group is an award winning Cyber Security and IT Managed Services group working with a range of SME/Enterprise customers across the UK, Ireland and internationally.

Quartz Network

Quartz Network

Quartz Network is a curated community for change-makers, up-and-comers, and professionals who are ready to grow, adapt, and thrive.

Lansafe

Lansafe

Lansafe stands as a leading managed service provider in the UK, seamlessly integrating IT, Telecoms, Security, Electrical and Cyber Security solutions.

Vorlon

Vorlon

Vorlon's agentless patent-pending solution facilitates risk profiling of apps, and provides AI-driven behavioral analytics with response recommendations.

SentryMark

SentryMark

Stay a Step Ahead of Emerging Threats. Deviate from the traditional siloed defenses and get the proactive and responsive cybersecurity solutions and services you deserve with SentryMark today.

Prequel

Prequel

Prequel is your real-time problem detection and resolution platform, powered by the global reliability community.