The past year has been pivotal in the dismal world of cybercrime. From new zero-days like Log4j and SolarWinds to cybercrime being leveraged as a form of warfare, there is a lot to learn from current cybersecurity trends.
Verizon’s 2022 Data Breach Investigations Report (DBIR) was recently released and highlighted data-driven, real-world views based on analysis of over 23,000 incidents and 5,200 confirmed breaches from around the world. Here are some of the key takeaways SafeBreach has identified to help your organization create a competitive cyber resilience strategy and minimize business risk.
There Are Four Key Paths to Your Estate
Whether the actor is external, internal, or a partner, the path to an organization’s network does not change. Credentials, phishing, exploiting vulnerabilities, and botnets are the leading areas of concern. Without a plan to handle all four, an organization is not satisfactorily protected.
Credentials are one of the most common mechanisms attackers use to gain entry into an organization’s network. If an attacker possesses legitimate credentials, organizations are severely limited in their ability to detect the threat. Stolen credentials are the number one pathway into an environment, accounting for almost 40% of data breaches according to the report.
Phishing and other social engineering stunts have become a popular avenue for threat actors to take advantage of the human element in cybercrime. Clicking on malicious links is extremely common, as attackers learn to mimic legitimate emails so well that the fakes are virtually impossible to detect without paying extremely close attention.
Exploiting vulnerabilities allows an attacker to take advantage of an unremediated weakness to gain access to an organization. While organizations are made aware of new vulnerabilities daily, it is virtually impossible to fix them all in a timely manner. As a result, there is often the potential for easy access to an organization’s network, as attackers go after organizations that still have outstanding work to do to fix a vulnerability.
Botnets, the culprit behind distributed denial-of-service (DDoS) attacks, were a common path to incidents this year. By sending junk data to computers or servers to cause traffic jams for legitimate users, botnets wreak havoc on an organization’s overall business functions.
Enhancing your current security strategy to account for the key paths to your network requires significant collaboration across multiple teams. Breach and attack simulation (BAS) can help organizations find common ground when it comes to enhancing their security strategy as a whole. By simulating phishing attacks, botnet malware transfer, credential harvesting, and other attacks developed from industry vulnerabilities, BAS allows you to address all four of the paths into your network in one solution. While the attack simulations do not solve for inadequate security controls to secure these paths, the simulations provide security teams with quantitative reports that can be leveraged to enhance their security strategy and remediation efforts for each pathway.
Vulnerability Exploitation Is Rising
Vulnerability exploits take advantage of an organization’s inability to remediate gaps in a timely manner. While vulnerability exploitation doubled in the past year, overall remediation speed and completeness are up compared with the past six years. When that remediation is paired with security controls and best practices to minimize vulnerabilities, organizations can decrease their likelihood of falling victim to a vulnerability exploit.
Organizations have to constantly prioritize and reprioritize which vulnerabilities they are going to focus on remediating first—which in turn makes them more vulnerable. Currently, there is not a single solution on the market that can adequately solve for threat actors gaining network access through exploiting a vulnerability, but there is a proper integration strategy of key security solutions that can minimize the potential.
Proper integration of key tools, such as vulnerability management (VM) with BAS, can provide end-to-end support in identifying vulnerabilities, prioritizing remediation efforts, and providing a summarized view to security teams. Through this integration, VM tools provide a security team with automation that helps prioritize vulnerabilities so security teams and SOAR tools can focus on remediation. VM is responsible for prioritizing vulnerabilities, determining which to remediate first based on the risk they pose to the business. With SOAR tools also integrated in the BAS platform, security teams are free to focus on remediation and can minimize the likelihood of falling victim to vulnerability exploits.
Partner & Software Updates Are the Leading Vectors
Partner and software updates made headlines last year with SolarWinds, and it is time for organizations to ensure their security strategy accounts for this leading incident vector. Organizations must shift their focus to ensure their partners are properly vetted from a security perspective at inception. Software patching frequency and speed must be a part of the overall security strategy. Remediation time is key, and validating that updates have been properly implemented adds an additional level of assurance for security professionals and key stakeholders.
BAS enables continuous security validation that reaches designated assets to identify indicators of compromise (IOCs) for select high- and low-value assets. Critical paths and chokepoints visualize the attack paths and show how an attacker can most easily reach or compromise high-value assets. The user can then choose and test the effectiveness of different security controls and applicable mitigations to assess how the risks can be remediated most effectively.
This approach validates the controls in your entire security ecosystem with unmatched visibility into how your ecosystems will respond at each stage of the defense process to strengthen cyber resiliency.
Implement a Proactive, Data-Driven Approach
The findings of this year’s Verizon DBIR are clear and comprehensive and should incite urgent action from organizations looking to enact proactive security strategies. Investing in solutions like continuous security validation, enabled by most BAS platforms, gives you tools that work seamlessly with your security controls and tech stack, integrating with SIEM, SOAR, EDR, workflow management, and vulnerability management tools to help security teams reduce critical business risk and drive substantial, tangible impact for your enterprise.