Getting off the Attack Surface Hamster Wheel: Identity Can Help
IT professionals have developed a sophisticated understanding of the enterprise attack surface – what it is, how to quantify it and how to manage it.
The process is simple: begin by thoroughly assessing the attack surface, encompassing the entire IT environment. Identify all potential entry and exit points where unauthorized access could occur. Strengthen these vulnerable points using available market tools and expertise to achieve the desired cybersecurity posture.
While conceptually straightforward, this is an incredibly tedious task that consumes the working hours of CISOs and their organizations. Both the enumeration and the fortification pose challenges: large organizations use a vast array of technologies, such as server and endpoint platforms, network devices, and business apps. Reinforcing each of these components becomes a frustrating exercise in integration with access control, logging, patching, monitoring, and more, creating a seemingly endless list of tasks.
However, what makes the enterprise attack surface management unsustainable is its constant expansion. As businesses increasingly digitize, each new device, app, infrastructure component, and network extension creates a new attack surface. The struggle to continuously adapt, incorporating new security tools, becomes increasingly unsustainable over time.
This issue doesn’t stem from a lack of tools. With each generation of attacks and the emergence of new attack surfaces, a plethora of specialized startups pop up, offering new tools to combat these challenges. Whether it’s addressing business email compromise or other threats, there’s always a new tool tailored just for the job. It’s exhausting, it’s expensive and it’s just not sustainable. Large organizations are drowning in security technology, missing critical breach indicators because the security tools get in the way with a flood of false positives that need human work hours to investigate and categorize as such.
It’s time to break the cycle of acquiring another tool for another surface and get off the hamster wheel.
Let’s explore what’s driving this explosion in attack surface:
Increased use of cloud services
More businesses are transitioning to cloud-based services and storage. While these services offer significant benefits, they also increase the potential for cyber attacks if not properly secured. The cloud is here to stay – and on-prem is not going anywhere either. This means that the typical organization needs to account for duplication of attack surface across the environment – embracing a hybrid model as the new norm.
Cloud service providers excel in securing specific layers of the stack they oversee: the hypervisor, server and storage. However, safeguarding the data and apps within the cloud is the responsibility of the customer. That’s all on you.
1. Remote working
More people working from home and companies adopting more flexible work policies inevitably heightens security risks. And we still haven’t gotten it right. We still don’t have the same managed and secure infrastructure in the home as we had in the office.
2. The Internet of Things
The number of IoT devices in use is skyrocketing, and many of these devices lack adequate security measures. This vulnerability provides a potential entry point for cybercriminals seeking unauthorized access.
3. Supply chains
Cyber attackers can exploit weak links in an organization’s supply chain to gain unauthorized access to data, utilizing these weak links to gain unauthorized access to sensitive data or critical systems.
4. AI and machine learning
While these technologies have many benefits, they also introduce new vulnerabilities. Who are the privileged users at AI companies? Are their accounts secured? Are robotic workers (RPAs) using secure digital identities when accessing sensitive corporate data?
5. Social networking
The rise of social networks and their ubiquitous use across personal and business interactions brings new opportunities for criminals, particularly in the areas of social engineering. With the recent wave of business email compromise, we can see how vulnerable organizations are to these kinds of attacks.
What’s the solution?
The reality is that the traditional perimeter has been eroding for a long time. Security measures such as the physical keycard, firewall and VPN, when used as standalone defenses, became obsolete a decade ago. Identity has emerged as the new forefront in security.
So, what can you do? There isn’t a one-size-fits-all remedy, obviously. However, there are innovative approaches that alleviate some of the strain on CISO organizations. Across all the emerging threats and trends fueling the attack surface expansion, the common thread is digital identities. Prioritizing the security of identities through identity and access management (IAM), securing the directory, and privileged access management (PAM), you can roll out robust access control, enable a sound zero trust approach, and keep an eye on those privileged accounts.
Cyber insurance has emerged as a vital component in the cybersecurity arsenal, acting as a financial safety net in the event of a breach. Investing in cyber insurance can alleviate financial burdens and aid in the recovery process, making it a key piece of any security strategy.
Make no mistake, you still need to patch your systems, and you still need to make sure your configurations are secure. You still need a balanced approach to cybersecurity and to make any kind of attack expensive enough to deter attacks. However, when attackers are lured by vulnerable identities, you need to react.
Conclusion
Identities are vulnerable. As someone coined awhile back: the regular attacker doesn’t hack in the systems. They just log in, using compromised credentials, and rampage through the systems (including Active Directory) if left unchecked. Data supports this claim: The latest CISA analysis shows that using “valid accounts was the most prominent technique used across multiple tactics.” These credentials were not only used for initial access but also to navigate laterally through networks and escalate privileges. Astonishingly, valid credentials were identified as the most prevalent successful attack technique in over 54% of analyzed attacks. This emphasizes the importance of safeguarding digital identities as a fundamental defense strategy.