The modern attack surface is a mix of on-premises and multiple cloud systems, numerous identity and privilege management tools and multiple web-facing assets. This complexity affords numerous opportunities for misconfigurations and overlooked assets, and leaves security teams struggling to obtain an accurate picture of their attack surface.
Threat actors are taking full advantage of the blind spots.
Consider the large percentage of successful ransomware attacks in recent months. The days of old, where threat actors indiscriminately encrypted systems for a fraction of a Bitcoin, are over; today’s cyber criminals will cripple operations and negotiate a sizable fee for the return to normal. However, even if a fee has been paid, once sensitive data has been stolen in an attack, the confidence of confidentiality is lost forever – you can’t put the data genie back in the bottle. This is why a proactive approach is so important.
Attack paths
When it comes to cyber attacks, threat actors’ attack methodologies are not advanced or even unique, but opportunistic.
Attackers see many ways in and multiple paths through environments to do damage and monetise their nefarious efforts. When evaluating a company’s attack surface, they're probing for the right combination of vulnerabilities, misconfigurations and identity privileges.
They’re looking for an open window to crawl through. Usually, it is a known vulnerability that allows threat actors an entry point to the company’s infrastructure. Having gained entry, threat actors will then look to exploit misconfigurations in Active Directory to gain privilege and further infiltrate the organisation to steal data, encrypt systems or cause other business impacting outcomes.
Protecting everything is soul-destroying, given it's practically an impossible task. Similarly, organisations are well beyond the point where vulnerability management can be performed in a vacuum.
By focusing resources on the vulnerabilities that are likely to be exploited and understanding how attackers’ chain multiple flaws together, security teams can design more complete strategies for reducing their overall risk and exposure.
Prevention better than cure
Preventive cyber security requires the ability to assess and prioritise vulnerabilities and misconfigurations in context, wherever they reside, alongside user data, asset value and awareness of likely attack paths. This holistic intelligence allows IT and cyber security employees to make informed decisions about which systems or classes of users and assets are most at risk and require remediation first.
Built on the foundations of risk-based vulnerability management, an exposure management programme takes a broader view across the modern attack surface. It applies both technical and business context, and provides additional context, such as who is using the system, what they have access to, how it's configured, etc.
Understanding attacker behaviour helps inform security programmes and prioritise security efforts to focus on areas of greatest risk and disrupt attack paths, ultimately reducing exposure to cyber incidents. Companies that can anticipate cyber attacks and communicate those risks for decision support will be the ones best positioned to defend against emerging threats.
Companies must take action to understand the risks they face, address the challenges standing in their way and, ultimately, reduce the sheer volume of successful cyber attacks the security team must react to.
Implementing an exposure management programme enables security professionals to better allocate time and resources so they can focus on taking the preventive actions that legitimately reduce an organisation’s cyber risk.
Share