Speak with anyone in the cybersecurity field, and they’ll tell you this year will see the highest number of attacks and cybercrime damages to date; speak with anyone next year, and they’ll likely say the same thing.
2022 has seen over 6,000 CVEs reported in its first three months alone, along with global events that have further heightened our need to bolster cybersecurity measures.
What does the current cybersecurity threat landscape look like?
The current threat landscape consists of increased complexity in digital systems, increased difficulty managing them across a remote workforce, and reduced resources available to combat it all.
I recently attended Secureworld, a conference that aims to tackle global cybersecurity issues and share critical knowledge and tools needed to protect against threats. This year the hot topics were supply chain attacks, vendor security, zero-days, and the likelihood of Russian aggression – as was to be expected.
Here are some of the main takeaways from the two-day event:
Supply chain attacks – These tripled in 2021, targeting suppliers and software developers such as SolarWinds and Kaseya. There are no signs this activity will slow down, given the prevalence of open-source code (a common factor in these attacks).
Vendor security – Speakers extensively covered vendor security and how to choose the right vendors. Most panelists advocated a tough-love approach: vet your vendors’ internal security protocols. It’s up to you to have proper visibility and put defenses in place in case a vendor becomes compromised. Even companies that prioritize security, like Microsoft and Apple, fell victim to Alex Birsan’s exposure tests, so some incidents are unavoidable. Keep your guard up.
Zero-days – 2021 also broke the record for attackers abusing unknown vulnerabilities, making zero-days more prevalent. Now, this doesn’t necessarily mean the sky is falling. After all, seeing more means defenders are finding and mitigating more. Endpoint Detection and Response (EDR) solutions are still at the top of the list as far as that visibility goes.
Likelihood of Russian aggression – With President Biden’s recent statement on our nation’s cybersecurity, many asked what to do in preparation. Having the latest threat intel from different sources is important, but having the strongest posture you can is important too, as there will likely be another threat tomorrow. It’s a good idea to revisit Biden’s security suggestions often to make sure your plan is in line with advised protocols.
Another big topic at Secureworld was the common errors organizations make when addressing the threats listed above. It’s a good question with multiple answers, but for the purposes of this blog, I want to focus on often-overlooked actions that can make a big difference in security outcomes.
What are the most commonly overlooked actions companies can take to address cybersecurity threats?
Before I dive deeper into my answer here, I’d like to mention I come from the security side of things. I’ve uttered phrases like “You don't know what you don't know” more times than I can count. Still, I’m gaining a new understanding of how important visibility is to protect your organization from cyberattacks.
However, focusing on visibility alone, and not on how to act on the intel you gain, can be detrimental. EDRs and vulnerability scanners are incredibly powerful tools, but you can’t reap their full benefits if you don’t also act on what they surface by making the subsequent process and configuration changes. That’s because visibility creates a lot of extra work.
Just think about it – there’s vulnerability analysis, prioritization, and the manual creation of remediation steps. Unfortunately, all of this can increase your mean time to remediate (MTTR), which means essential remediation steps often get overlooked.
So, what can you do beyond focusing on visibility?
It’s important to get the little things right. For example, let’s take a look at endpoint patching.
Patching isn’t the most exciting step in the threat prevention cycle. But the reality is that most attacks start by abusing out-of-date systems and software. Given that, patching is among the most critical steps to surviving the current threat landscape.
Unfortunately, it’s not just about patching and keeping your environment updated. Rather, it’s about patching promptly, because of how quickly attackers can abuse any holes they find. Take Log4j as an example. The vulnerability was exposed publicly before a fix was in place, and many companies are still struggling to remediate it. Often, patching SLAs are too lenient, and IT teams still fail to meet them because of a lack of budget or resources allocated to them.
Doing the little things right also means not just focusing on “the now” but paying attention to the big picture. You have to anticipate impending potential threats. The latest zero-days, global threats, or APTs that grace the headlines are important, but the well-known commodity threats attackers still abuse are also important. Ensure those commodity threats are not overlooked and that your company has a security resilience plan that addresses attacks in all forms and stages.
Impactful ways to increase your security posture now
We spend a lot of time talking about the sheer volume and complexity of threats today. And we note that attackers are exploiting vulnerabilities at record speeds. But the pressure to mitigate threats cannot fall solely on your IT teams – your organization must agree to up its resources when it comes to protection. Here are three ways to move the needle.
The first resource to consider is automation. Automation is a highly impactful tool to help you stay compliant, meet SLAs, and remediate vulnerabilities. Ideally, automation helps you cut complexity and time to remediation, too. It also allows your team to get home in time for dinner with their families without the question of security hanging over them.
Another step you can take towards upping your security efforts is educating your end-users. All employees can and should be an extension of your security team.
Teaching your end-users to protect their devices is a great way to cover more ground. Otherwise, left on their own, they could create opportunities for threat actors to strike.
Teach your people – across your organization – how to recognize potential vulnerabilities and threats. Ensure they’re using multi-factor authentication and keeping their devices protected, no matter where they’re located.
Finally, make sure your team is equipped with the tools to succeed. Frameworks are a great place to start aligning your business and cybersecurity goals. Essentially, a cybersecurity framework is a clear-cut strategy, like a tech outline or blueprint, to help your organization achieve cybersecurity best practices. The National Institute of Standards and Technology (NIST) is a great reference for guidelines to help strengthen your security posture. Such institutions can help you highlight the organizational changes needed to meet the latest security standards.
Cybercriminals have forums to share knowledge, so make sure you do too in order to combat them. Third-party threat intel feeds from security organizations are a great place to start, in addition to tools that monitor your environment specifically. Social media sites such as LinkedIn and Reddit may offer a fast way to stay up to date on the latest threat intelligence.
In the end, continuing to learn from and lean on one another is one of the most important things we can do to safely navigate the current cybersecurity threat landscape.
Automox for Easy IT Operations
Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day.
Demo Automox and join thousands of companies transforming IT operations into a strategic business driver.