Sunday, November 27, 2022

A 4 Point Roadmap Why The New Will Not & Why The Old Will Save Us In Cyber

 


Just last night, I resumed my studies again for studying in the “Certificate In Cybersecurity” exam.  It is an entry level certification, and is a new one that is being hosted by the ISC2, one of the top testing vendors globally. 

In fact, they are the ones that also host the CISSP, which has basically become the gold bar now in the Cyber industry (like how the MCSE was back in the 90’s, during the Internet Bubble).  One of the topics that I ended up studying was about Incident Response Planning.

Sure, I thought this topic would be easy enough, because I have written on it so many times in the past. No that the material was hard by any means, but the terminology was a little bit more than I had realized. 

One term that I came across which I probably have used a hundred times over as a writer was “Breach”.  I scratched my head, and thought, “OK, what really is a breach?  What technically causes it to happen?”  According to the study materials that I have, it was defined as the point where the Cyberattacker actually decides to break through your perimeter defense. 

Now what happens after that was not mentioned.  But that is how it is interpreted.  But as this term is applied into the real world, security breaches are really nothing new.  We see them happen all of the time, some of them are small cases, or some of them can be very large, such as the Solar Winds hack.  But in the end, something is stolen (no matter how long it takes), and it is of high value and pertinence to the business.

According to a recent research study conducted by Crowd Strike, it was technology that succumbed most to security breaches.  From 2021 to 2022, there were well over 77,000 breaches that have occurred and witnessed by their researchers (however, this number does not include other kinds of breaches that have occurred to other victims). 

More info about this study can be seen here at this link:

https://www.crowdstrike.com/resources/reports/overwatch-threat-hunting-report/

Here are some of the key highlights from this report:

*The Cyberattacker of today is moving away from using malware-based attacks.  According to their research, 71% of the security breaches that they witnessed did not even include malware. 

*Between 2021 and 2022, more than 30,000 vulnerabilities.  Now according to my study material there is a distinction here:  Vulnerabilities are simply a weakness in which a Cyberattacker can penetrate through, such as a backdoor that was still left open in the software development lifecycle.  The breach actually occurs when the Cyberattacker actually penetrates through this weakness.

*Sometimes, a Cyberattacker may not even enter through the vulnerability to break in.  They might just simply deploy a malicious payload such as a “Web Shell”.  These are malicious scripts that allow the hacker to take over a particular Web Server and cause more damage from that.

So what can an SMB, or even a Fortune 500 company do to stop the rising trend in security breaches from happening?  Keep in mind that these tips will only help you to mitigate, or decrease that risk.  It is not a 100%, absolute guarantee.  Here we go:

1)     Review the basics:

At this point the thought of investing newer security seems to be the answer.  The harsh reality of that is actually a resounding “no”.  You really do not need anything.  You can probably make so with whatever you have in place.  It just all needs to be realigned again to give you the maximum protection that is possible.  For instance this means conducting a brand-new risk assessment to see where your most vulnerable assets lie at.  It also means reviewing your security policy and other important docs to see how well prepared you are to handle a security breach should it happen to you.  It also means that your employees are obeying proper password hygiene habits.  It also means that your are applying software patches and upgrades as they come out.  More can be added, but you get the idea.

2)     Keep an eye on your remote services:

This is starting to become a newer type of vulnerability, and something that the Cyberattacker will take complete advantage of whenever and wherever possible.  Probably one of the most broken remote services is that of the Remote Desktop Services, or also known as RDP from Microsoft.  This is a specialized kind of protocol that lets you log into remotely another workstation or server.  It has been hammered many times by Cyberattackers in the past, and truthfully speaking, I don’t how actively it is even being used even more.  In fact, the Solar Winds hack occurred because of weaknesses that were found in one of their remote services, that thousands of clients became highly dependent upon.

3)     Privileged Access:

These days, the Cyberattacker is not so much after the passwords of just your regular employees.  Rather, they want the higher-level privileged accounts, so they can get to the crown jewels even quicker than before.  So, make sure those Privileged Accounts are as secure as possible, by making use of the principles of Privileged Access Management, or also known as PAM for short.  This is starting to become a hot area now in Cyber, especially with SaaS based deployments into the Hybrid Cloud.  I am in the process of writing a ton of articles about PAM for a client, so hopefully I can get those uploaded to my site soon.

4)     Watch for Social Engineering:

Many Cyberattackers of today are even dissing the notion of using digital threat vectors.  Instead, they have a new ally on their side:  Social Media.  A hacker can quickly build up a profile based upon what people post, and from there, they can launch laser pointed Social Engineering attacks against them in order to gain access to privileged information.  Also, they can use what is known as Open-Source Intelligence, or OSINT for short.  This is all mostly free stuff that is available on the Internet that gives details about other people and businesses.

My Thoughts On This:

Here are some of the quick tips that you can use to keep your business at bay from security breaches.  It is by no means an exhaustive list.  But it is designed to get you and your CISO thinking about things again.  Remember, new does not always equate to security success. Simply building a better mousetrap with what you already have is usually the best way to go.

 

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...