It’s a busy time to be in cybersecurity. Threat actors are more sophisticated, exploit even the most minor vulnerabilities, and don’t care who they hurt when they do it. And when organizations can fend them off, they don’t go away — they simply regroup, change their strategy and find a new way in. Organizational attack surfaces are also expanding, giving attackers bigger targets to hit. It’s a sneaky battle and one that organizations have to fight.
But too often, organizations can’t keep up. They find themselves trying to keep pace with the newest threats, resorting to reacting after a breach happens rather than learning how to be proactive and get in front of their digital attack surface. Wouldn’t it be much easier if you knew where the battle lines were drawn and could anticipate the enemy’s next move instead of hiding inside, hoping the walls don’t have a weak spot?
The bad news is that malicious actors are after your organization and could be planning ways to break in right now — or may already be inside. The good news is there’s something you can do about it.
Recognize The Constantly Shifting Battle Lines
Organizations are evolving quickly these days, and the pandemic has accelerated their regular speed of growth. But as organizations grow, adopt new capabilities and use new resources, they may not realize that they’re changing their attack surface. Some of the ways they do so include:
Moving to the cloud: Migrating to the cloud offers great flexibility, scalability, and efficiency. But cloud security is managed very differently than on-premise storage, and the attack surface changes dramatically — and stays dynamic. According to the results of an O’Reilly survey, over 88% of organizations use the cloud in some way.
Decentralizing work: The pandemic forced a decentralization of workforces. According to results from a Statista study, those working from home five days a week grew from 17% to 44% during 2020. And while remote work has provided many short-term and newly recognized long-term benefits, it brings with it new challenges because the digital attack surface has now widened to every employee’s home internet connection.
Shifting left: Many organizations have shifted left to iterate and deploy applications more rapidly. But while this approach may speed up pipelines, quick delivery leaves room for mistakes and for vulnerabilities to be exposed.
Expanding into the IoT and 5G: As organizations expand their networks and systems into devices, they need to realize those devices become part of the attack surface, too.
Become Aware Of Forgotten Or Hidden Vulnerabilities
Threat actors are looking for areas to penetrate — and it doesn’t take much to compromise a system globally. Take, for example, the massive Microsoft Exchange server attack that compromised 400,000 servers worldwide, putting organizations and their data in jeopardy. The attack was caused by only four vulnerabilities that allowed the attackers to bypass authentication and run code on the server. Yet, multiple malicious actors were involved, many deploying ransomware and hijacking entire systems.
Once Microsoft launched its patches, it became a race against time for organizations to implement them faster than malicious actors could use the information Microsoft released to infiltrate still-vulnerable systems. Many organizations weren’t even aware they had Exchange servers to check because they lacked awareness of their attack surface. By the time they did, it was already too late.
Protect Your Systems
So how can you keep safe? Attacks don’t need to be the status quo, and organizations don’t always have to be scrambling in the wake of the latest breach. Becoming more proactive with your security starts with building a solid foundation by doing the following:
Audit your systems: First, map out your attack surface to know exactly what you should be monitoring. This will also help you uncover where older systems, forgotten assets, and unpatched issues are leaving you exposed to exploitation.
Shrink your attack surface: The more surface area, endpoints, and exposed systems you allow, the more threat actors have to work with. Update, consolidate or do away with legacy systems, reduce complexity, and have a surface that’s manageable.
Compile the right team and the right information: Have the right security-minded people in place who are proactive in their approach and make sure they’re getting information that’s actionable and helpful.
Detect threats: Start thinking like a threat actor and detect ways they might access your systems. This will help you understand what’s exposed and what’s protected.
Have a plan for response: Anticipate the next attack by creating a response plan, and run drills to test it so if a breach does happen, you can respond immediately — because every minute really does count.
Once you’ve built your core capabilities, you can build upon them by expanding your threat intelligence outward, so you can begin to understand the actors and their strategies. Create an inventory of common attacks you see against your systems and start to identify patterns. Is there one place they typically target? Who’s attacking you? What tactics do they use? This information will help you begin to think ahead and anticipate the next attack.
Additionally, continue to track your attack surface as it grows and expands with new initiatives, new devices, and new operational shifts. Then, you’ll be able to anticipate how it will change before new initiatives or innovations roll out.
Fight The Battle
It may be a sneaky battle, but it’s one that organizations must fight to keep their data and their reputations protected. By understanding the attack surface, expanding your intelligence capabilities, and getting to know the enemy, you’ll be prepared for the fight ahead. Learn more about how we partner with RiskIQ. Enable this fight with RiskIQ Illuminate, our next-gen security intelligence and analytics platform, which discovers your internet attack surface and delivers relevant and actionable intelligence to protect your organization.
Spot Ransomware with Situational Awareness
Prevent with OSINT
Open-source intelligence is key to understanding threat groups and how they could target your organization. Keeping up to date on ransomware IOCs is essential, as is continuously chaining threat infrastructure to uncover the digital footprints of critical threats to your organization.
The Threat Intelligence Portal in RiskIQ PassiveTotal is updated daily with the latest intelligence and indicators from open-source and RiskIQ Labs. Analysts can pivot across intelligently correlated data sets built from RiskIQ’s massive internet data collection to link infrastructure to known ransomware attacks and prevent attacks on your organization.
Know With Attack Surface Visibility
Ransomware doesn’t just come from email anymore. Groups like Pinchy Spider have evolved to leverage multiple avenues of attack. Knowing where your organization is vulnerable, such as misconfigured remote access and perimeter devices deployed to enable a remote workforce, is key to keeping your organization safe.
RiskIQ’s Enterprise Digital Footprint uses RiskIQ’s deep knowledge of the internet to link these devices and all other digital assets to an organization. By creating a running inventory of what it owns, organizations know what to protect and what’s vulnerable.
Deepen your knowledge and meet the activereach and RiskIQ teams at Mercedes-Benz World for an unforgettable day of security insights and high performance. Learn how to achieve high-velocity SecOps in the race against ransomware with in-depth workshops on Friday 5th November 2021, 09:00 – 17:30. Register here or contact us for more information.
“Your Growing Digital Attack Surface And How To Protect It” is a shared post by Adam Hunt for RiskIQ