24 May, 2022
Preventing Cyber Attacks in 2022 – Strategy “Must Haves”
With modern day businesses digitizing more and more, the digital attack surface is ever expanding, and cyber adversaries continue to pose an increasingly serious threat to their security. Over the past couple of years, remote work has become more common than ever leading to boundaryless networks and organizations, giving opportunistic cybercriminals a chance to take advantage of vulnerabilities in the digital environments that organizations rely on to stay afloat.
Cyber adversaries are showing no signs of mercy in 2022, which is why it’s imperative to develop a strategy for maintaining a strong security posture for your organization. Take the Lapsus$ compromise of Okta from earlier this year for example – the attackers did not break Okta’s own perimeter; they gained access through a compromised employee device at a third-party customer support vendor. A single overlooked detail in the third-party supply chain was enough.
So, what are some key strategies that you can implement to take a proactive approach to your organization’s security posture? The key is to be proactive to prevent having to be reactive.
Proactive security posture management begins with proactive leadership. Having a team of competent, knowledgeable, conscientious individuals is essential. An organization’s leadership is responsible for staying multiple steps ahead of cybercriminals with motive to exploit vulnerabilities within their digital environments. There is tremendous pressure to ensure that every detail is accounted for, including security controls, proper security training for both technical and non-technical employees, third party vendor compliance, and risk assessments.
It takes a highly skilled professional to apply business context to security posture management, because it requires leaders to think like an attacker. Any good cybersecurity leader must understand which areas of their digital environment are the most attractive targets. A cybersecurity leader must ask “what would a cybercriminal want from us?” and “which data would a cyber adversary most want to steal or abuse?”
Maintaining a strong security posture in 2022 requires a relentless focus on improvement facilitated by consistent visibility. Any organization that takes security seriously understands that cybersecurity is more than just checking a box for compliance. In a world where digital environments are constantly changed or tweaked, Penetration Testing and vulnerability scans are key to maintaining constant visibility. Without prioritizing consistent visibility, it would be nearly impossible to stay ahead of cyber adversaries. Finding and remediating new vulnerabilities within your systems as a cybersecurity professional significantly reduces the risk that a cybercriminal will find those blind spots and exploit them first. This all boils down to one simple statement that you’ve probably heard before – it’s better to be safe than sorry.
With that said, it’s much more cost effective to spend a security budget proactively than reactively. Allocating resources to PenTesting, vulnerability scans, and security controls is much simpler and less stressful than working against a hacker that’s already begun exploiting a vulnerability. If a vulnerability slips through the cracks and is exploited, there could be irreparable damage to your organization’s and team’s reputation and finances. Modern and innovative security vendors offer PenTesting solutions that continue to monitor security posture over time, often in subscription-based models.
Have a Detailed Remediation Plan
It’s one thing to have constant security posture visibility – remediating the vulnerabilities that show up is another. Having a solid plan in place to remediate exploitable vulnerabilities is an important part of modern-day security strategy that cannot be overlooked. An adequate plan should include a designated team of technical professionals responsible for remediation efforts, a remediation prioritization framework with ample business context applied to it, and timeline benchmarks. Those benchmarks should be tied to severity and exposure: a critical finding on an internet-facing system deserves a far shorter remediation deadline than a low-severity finding on an internal one, so that the team’s limited time goes where the risk actually is.
Something that makes planning remediation efforts easier is working with a vendor that provides a comprehensive report. When sourcing a PenTesting vendor, for example, it is important to ensure that the vendor follows industry standards such as OWASP and NIST, provides a thorough proof of concept (PoC) for each vulnerability so your team can reproduce and verify the fix, assigns a criticality rating to each vulnerability to ease prioritization, and provides remediation recommendations. The more comprehensive a PenTest report is, the easier it is to allocate resources to the vulnerabilities that require the most attention. Another point to highlight is that some vendors share the findings of a Penetration Test via third-party platforms. That report contains working exploit details for your own environment, so if you have not vetted the third party that hosts it, it may be best to steer clear.
A good rule of thumb to follow when assigning privileges to employees in your organization’s digital environment is least privilege: limit each individual’s access to only the data and systems their role requires. If an employee whose job does not need sensitive data is nonetheless granted access to it, that access becomes additional attack surface – compromising that one account now exposes data it never needed to touch. The same concept applies to determining the level of access given to different clients that use a digital asset belonging to your organization as a product. For example, if a healthcare provider uses a third-party web application as a portal to communicate with their clients, it is important to make sure that users cannot access one another’s data; a request that returns a different patient’s record simply because the caller changed an ID in the URL is one of the most common findings in a web application PenTest.
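As an added illustration of the portal scenario above (example code written for this article, not code from the original post or from any vendor), the following shows the broken pattern, a record lookup that trusts the caller-supplied ID, next to a hardened lookup that enforces both tenant isolation and role-based least privilege. The clients, users, roles and records are constructed for the example.

```python
"""Least-privilege access check for a multi-client portal.

Added example: the data, the role names ("clinician", "front_desk") and the
two constructed clients ("clinicA", "clinicB") are assumptions made for
illustration, not taken from any real system.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:
    user_id: str
    client_id: str                      # the client (tenant) this user belongs to
    roles: frozenset = field(default_factory=frozenset)


@dataclass(frozen=True)
class Record:
    record_id: str
    client_id: str                      # tenant that owns the record
    owner_id: str                       # individual the record is about
    sensitivity: str                    # "general" or "clinical"


# Constructed sample data: two clients, three records.
RECORDS = {
    "r1": Record("r1", "clinicA", "alice", "clinical"),
    "r2": Record("r2", "clinicA", "bob", "general"),
    "r3": Record("r3", "clinicB", "carol", "clinical"),
}


class Forbidden(Exception):
    """Raised when the caller may not see the requested record."""


def get_record_vulnerable(record_id: str) -> Record:
    """The broken pattern: never asks who is calling, so any authenticated
    user can walk r1, r2, r3, ... and read every client's records."""
    return RECORDS[record_id]


def can_access(user: User, record: Record) -> bool:
    """Deny by default; grant only what the role needs."""
    # Tenant isolation: no role, however privileged, crosses client boundaries.
    if user.client_id != record.client_id:
        return False
    # Anyone may read their own record.
    if record.owner_id == user.user_id:
        return True
    # Clinical staff need clinical records of their own client's patients only.
    if record.sensitivity == "clinical" and "clinician" in user.roles:
        return True
    # Front-desk staff need non-clinical records only.
    if record.sensitivity == "general" and "front_desk" in user.roles:
        return True
    return False


def get_record(user: User, record_id: str) -> Record:
    """Hardened lookup: the authorization check sits beside the data access,
    not in whichever caller remembers to do it."""
    record = RECORDS.get(record_id)
    # Same failure for "no such record" and "not yours", so valid IDs cannot
    # be enumerated by comparing error responses.
    if record is None or not can_access(user, record):
        raise Forbidden(record_id)
    return record


def is_denied(user: User, record_id: str) -> bool:
    """True when the hardened lookup refuses the request."""
    try:
        get_record(user, record_id)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    alice = User("alice", "clinicA")
    doctor = User("dr_a", "clinicA", frozenset({"clinician"}))
    print(get_record_vulnerable("r3").owner_id)      # anyone gets carol's data
    print(get_record(alice, "r1").record_id)         # alice reads her own record
    print(is_denied(alice, "r2"))                    # True: bob's record
    print(is_denied(doctor, "r3"))                   # True: other client's record
```

The point of `can_access` is that every branch grants one narrowly scoped need and everything else falls through to a deny; adding a new role means adding a new explicit grant rather than loosening an existing one.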
All around, if you can manage to think like a hacker, you’re well on your way to staying one step ahead of a cyber attacker.