Let's begin with the bad news: Organizations are more likely than ever to be victimized by a cyber-attack. The reason for this is two-fold. Hackers with limited skills can easily purchase basic malware tools on darknet markets and use legitimate administration tools, such as Sysinternals suite. Meanwhile, at the top of the adversary food chain, Advanced Persistent Threats are becoming more sophisticated by the minute, harnessing the power of machine learning and other emerging technologies to improve their odds of a successful attack.
Compounding this challenge is the furious pace of cloud migration and the complexity of cloud and hybrid environments. This means that as attacks grow less difficult to launch and attackers wield powerful new tools and tactics, organizations are tasked with defending much more challenging terrain.
Fortunately, there is good news as well. By initiating a fresh security posture assessment -- and then creating an updated security posture centered around the concept of continuous improvement -- it's possible to tilt the playing field back in your favor. Deeper cyber posture visibility, facilitated by innovative new software tools, can help unlock profound and long-lasting security posture improvement.
With that in mind, let's take a deep dive into five strategies you can follow to develop a highly resilient and effective cybersecurity posture.
1. Extend visibility across the whole ecosystem
A generation ago, data could be safely ensconced within an internal fortress protected by firewalls, passwords and other basic tools. Today, however, global business is deeply interconnected, and the vast majority of enterprise workloads run on the cloud. Organizations are more dependent than ever on a complex web of vendor and partner relationships.
Attackers know this and have adjusted accordingly by attacking the weakest link in the chain -- smaller, under-resourced companies with limited cybersecurity capabilities. This back-door breach can put your most critical assets at risk, so it's imperative to ensure that partners (and third-party cloud infrastructure hosts) are operating according to the acceptable standards.
2. Go beyond the conventional penetration test
Penetration tests are a great way to develop a deeper insight into the strengths and weaknesses of your security posture. Instead of relying on reactive scanning strategies, a penetration test allows you to actively seek vulnerabilities, exploit them, identify the possible damage and walk through the best way to remediate this damage.
On the other hand, manual penetration tests have a problem: They are expensive and slow with a limited scale. This means they can only be staged episodically and there is often lag time between what the test uncovers and when test reports are received. In between test periods, organizations have little visibility into any new threats that develop. Given how dynamic today's cloud environments are, this can lead to serious problems.
Breach-and-attack simulation (BAS) platforms (especially Automated Purple Teams) solve these problems by providing the benefits of a pen test in an automated and continuous fashion. These tools launch simulated attacks against security environments and continuously probe for new vulnerabilities. Automation reduces the threat of blind spots developing between tests and allows for testing to occur on a continual basis. Once vulnerabilities are identified, BAS platforms offer prioritized remediation guidance -- with no lag time. This approach is perfectly suited for protection in highly dynamic environments and aligned with the larger goal of continuous protection and improvement.
3. Double down on proper it hygiene
The Covid-19 pandemic has radically expanded the attack surface. Collaboration tools are onboarding millions of new users as telecommuting and teleschooling quickly become the norm rather than the exception. Security professionals -- many of whom have only had intermittent office access -- have seen their ability to conduct tests sharply curtailed. This means that it's time for a fresh look at IT security posture and hygiene.
Managing credential use and application patches and enabling the detection of rogue systems are all critical endeavors. To do this effectively, it's key to have the help and the attention and buy-in of workers outside the IT department.
4. Freshen your approach for employee training
Human error is -- and likely always will be -- the reason why the vast majority of cyber-attacks succeed. The wildly talented hackers using novel techniques to defeat expertly designed and implemented cybersecurity controls may be a common film trope, but most real-world breaches are the result of basic, routine errors -- mostly involving bad passwords and fishy email links.
So how do we solve this eternal problem? We will never eliminate the human propensity for error, yet we can sharply reduce it through creative interventions. The conventional approach for employee training simply doesn't work. Employees already know the risks of phishing or poor password control -- they simply lack the situational awareness to activate and apply this latent knowledge when the time comes. Instead, help workers avoid errors by testing them with realistic scenarios using the most up-to-date attack techniques. Make training ongoing rather than episodic. Make it creative and compelling. Gamify it. Incentivize workers by rewarding those who avoid training errors.
5. Designate security champions
Generating interest and compliance with security measures is much easier if smart behavior is being modeled by people with credibility throughout an organization. Find people who fit this description and designate them as a champion for implementing sound security practices across all aspects of operations and development. When people feel personally invested, they will make a greater effort to adopt better behavior. Feedback gathered from champions can also play an important role in unlocking incremental improvements that persist over the long-term and add up to something greater.
With data breaches becoming more frequent (and more expensive to endure) every year, it is vitally important for organizations to undergo a fresh cybersecurity posture assessment. Two of the overarching goals in this process should be a commitment to continuous cybersecurity posture improvement and the reduction of human error. The security posture of an organization has never been more critical, given the risks posed by today's adversaries and the difficulties of defending complex new terrain.
By implementing the strategies mentioned above, organizations can meet these tough new challenges head-on -- and greatly improve their odds of coming out unscathed.
Dan Anconina, Customer Operations Manager, XM Cyber