91传媒

IDENTIFYING THE MOST COMMON THREATS TO ENTERPRISE SECURITY

Cybersecurity threats, actors, and methods continue to evolve. Emerging threats such as supply chain compromises, together with our growing dependency on interconnected systems and data-sharing applications, have made security an ever-pressing concern for enterprises. Protecting critical data and other resources must remain a top priority, and it needs to be done in a structured manner: a structured program gives you a framework that reduces the chance of overlooking important details.

Below, we'll explore the most common security threats and some of the initial steps you can take to safeguard your organization.

Potential Threats to Enterprise Security

PHISHING

Email is often the first way attackers enter a network. Its widespread use and the implicit trust we place in those with whom we communicate make it an ideal channel for threat actors to approach the people who hold access to protected data.

Security plans must account for this, with both training for users and appropriate detective and preventive controls on your email systems. To familiarize employees with phishing and sharpen their ability to spot it, hold in-depth training on the hallmarks of phishing attempts and run a program that sends fake, yet realistic, 'phishing test' emails to users from within the organization.
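One of the detective controls mentioned above, as an added example that is not from the article or its author: a small triage routine that checks an inbound message for three common phishing hallmarks (a display name that impersonates an internal sender, a Reply-To that diverts replies to another domain, and a DMARC verdict other than pass in the gateway's Authentication-Results header). The internal domain list and both sample messages are constructed for this example.

```python
"""Triage of an inbound email for phishing hallmarks (added example)."""
import email
from email.utils import parseaddr

# Domains the organization legitimately sends from; constructed for this example.
INTERNAL_DOMAINS = {"example.com"}


def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers
    stamped by the receiving mail gateway, e.g. 'dmarc=fail header.from=...'."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for clause in header.split(";"):
            clause = clause.strip().lower()
            for method in ("spf", "dkim", "dmarc"):
                if clause.startswith(method + "="):
                    verdicts[method] = clause[len(method) + 1:].split()[0]
    return verdicts


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def triage(raw_message):
    """Return a list of findings; an empty list means no hallmark was seen."""
    msg = email.message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    external = from_domain not in INTERNAL_DOMAINS
    findings = []

    # 1. Display name carries an internal address or domain while the real
    #    sender is external: impersonation of a colleague or internal team.
    name = display_name.lower()
    if external and ("@" in name or any(d in name for d in INTERNAL_DOMAINS)):
        findings.append(
            f"display name impersonates an internal sender ({display_name!r} vs {from_addr})"
        )

    # 2. Reply-To on a different domain than From: replies go to the attacker.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(
            f"Reply-To domain differs from From domain ({domain_of(reply_to)} vs {from_domain})"
        )

    # 3. DMARC did not pass, whether the From domain is ours (spoofed) or external.
    if auth_results(msg).get("dmarc") != "pass":
        findings.append(f"DMARC did not pass for sender domain {from_domain}")
    return findings


# Constructed sample messages; the domains are placeholders.
SPOOF = """\
From: "IT Helpdesk <it@example.com>" <alerts@examp1e-support.net>
Reply-To: reset@mailer-example.net
To: user@example.com
Subject: Your password expires today
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e-support.net; dkim=none; dmarc=fail header.from=examp1e-support.net

Click here to keep your account active.
"""

LEGIT = """\
From: IT Helpdesk <it@example.com>
To: user@example.com
Subject: Scheduled maintenance
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com

The wiki will be offline on Saturday.
"""

if __name__ == "__main__":
    for label, raw in (("spoof", SPOOF), ("legit", LEGIT)):
        print(label, triage(raw) or ["no findings"])
```

The checks are deliberately header-only so they can run at the gateway before a user ever sees the message; the Authentication-Results header is only trustworthy when your own gateway adds it and strips any copy that arrived from outside.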

VULNERABLE APPLICATION OR DEVICE EXPLOITATION

Once a network has been breached, the attacker will look for an application or device to exploit. Most systems have vulnerabilities, and there is a constant arms race to enumerate them and to develop exploits that take advantage of them. Vulnerability management is often overlooked or underdeveloped as a core competency of a security team, and that neglect puts the entire organization at risk. If you're not searching for your vulnerabilities, your adversaries are.

Start by detailing every point where your systems interact with others (exposed services, integrations, third-party connections) and enumerate the vulnerabilities at each one. Then implement a program to prioritize those weaknesses and find solutions for them. You won't be able to fix every problem, but you should at least have a plan to manage every risk you're aware of, whether that is a patch, a compensating control, or a documented acceptance.
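The prioritization step described above, as an added example that is not from the article or its author: each enumerated finding carries its scanner score plus how the affected asset interacts with others (internet-facing, public exploit, protected data), and the plan ranks them and records whether the answer is a patch or a mitigation/acceptance decision. The inventory, vulnerability identifiers and weighting multipliers are all constructed for this example.

```python
"""Prioritising enumerated vulnerabilities by exposure (added example)."""
from dataclasses import dataclass


@dataclass
class Finding:
    asset: str
    vuln_id: str             # identifier as reported by the scanner
    cvss: float              # base score, 0-10
    internet_facing: bool    # reachable from outside the network
    exploit_available: bool  # a public exploit exists
    protected_data: bool     # the asset stores or processes protected data
    fix_available: bool = True


def risk_score(f: Finding) -> float:
    """Weight the scanner's CVSS score by how the asset interacts with others.
    The multipliers are illustrative; tune them to your own risk appetite."""
    score = f.cvss
    if f.internet_facing:
        score *= 1.5
    if f.exploit_available:
        score *= 1.5
    if f.protected_data:
        score *= 1.25
    return round(score, 2)


def plan(findings):
    """Rank findings and attach the action: patch if a fix exists, otherwise
    mitigate with a compensating control or formally accept the risk."""
    ranked = sorted(findings, key=lambda f: (-risk_score(f), f.asset, f.vuln_id))
    return [
        {
            "asset": f.asset,
            "vuln": f.vuln_id,
            "risk": risk_score(f),
            "action": "patch" if f.fix_available else "mitigate or accept",
        }
        for f in ranked
    ]


# Constructed inventory; the identifiers are placeholders, not real CVEs.
SAMPLE = [
    Finding("vpn-gw", "VULN-0001", 9.8, internet_facing=True, exploit_available=True, protected_data=False),
    Finding("hr-db", "VULN-0002", 7.2, internet_facing=False, exploit_available=False, protected_data=True),
    Finding("intranet-wiki", "VULN-0003", 6.5, internet_facing=False, exploit_available=True, protected_data=False, fix_available=False),
    Finding("print-server", "VULN-0004", 5.3, internet_facing=False, exploit_available=False, protected_data=False),
]

if __name__ == "__main__":
    for row in plan(SAMPLE):
        print(f"{row['risk']:6.2f}  {row['asset']:14} {row['vuln']}  {row['action']}")
```

Note that the unfixable wiki finding outranks the database finding: a public exploit with no patch is exactly the case that needs a documented mitigation rather than a ticket that waits for a vendor.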

INSTALLATION OF COMMAND & CONTROL

The attacker's next step is to build a beachhead within your network. Vulnerabilities are often used to establish that foothold on a server or workstation, which then becomes the endpoint that talks to the attacker's command and control infrastructure. Endpoint protection, combined with an appropriately sized logging and alerting program, will be key to defending against this stage of the threat chain.

When developing logging infrastructure, use the LACMAR acronym to check the completeness of your coverage:

  • Logging – Log as much of your environment as you can. A more complete picture aids your efforts in mounting a defense.
  • Aggregate – Consolidate your logs to allow for easier analysis.
  • Correlate – Analyze events across sources to gain a better overall picture of the actions taken.
  • Monitor – Determine your environmental and cybersecurity baselines and monitor for deviation from those norms.
  • Alert – Automate your alerting as much as possible based on those activity baselines.
  • Retain – Keep logs long enough to support investigations (threat actors can sit on a network for months before being detected) but no longer than needed. This limits both operational and regulatory exposure.
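The aggregate, correlate, monitor and alert steps applied to the command and control problem, as an added example that is not from the article or its author: outbound connection logs are parsed, grouped per source/destination/port, and any destination outside the baseline whose connections arrive on a near-fixed interval (low coefficient of variation between check-ins, the signature of a beacon) raises an alert. The log format, hostnames, addresses and baseline are constructed for this example.

```python
"""Aggregate, correlate and alert on outbound connections (added example)."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log format: "<ISO timestamp> <source host> -> <destination>:<port>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<port>\d+)$")


def parse(lines):
    """Logging: turn raw lines into structured events; skip lines that don't match."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["port"])))
    return events


def aggregate(events):
    """Aggregate: group connection timestamps by (source, destination, port)."""
    by_flow = defaultdict(list)
    for ts, src, dst, port in events:
        by_flow[(src, dst, port)].append(ts)
    return by_flow


def beacon_interval(timestamps, min_count=4, max_cv=0.2):
    """Correlate: a beacon checks in on a near-fixed interval, so the
    coefficient of variation of the gaps between connections is small.
    Returns (mean gap in seconds, cv) when the series looks periodic, else None."""
    if len(timestamps) < min_count:
        return None
    ordered = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
    avg = mean(gaps)
    if avg <= 0:
        return None
    cv = pstdev(gaps) / avg
    return (avg, cv) if cv <= max_cv else None


def detect(lines, known_destinations):
    """Monitor and alert: raise on periodic traffic to a destination that is
    not in the baseline of destinations this environment normally talks to."""
    alerts = []
    for (src, dst, port), stamps in aggregate(parse(lines)).items():
        if dst in known_destinations:
            continue
        periodic = beacon_interval(stamps)
        if periodic:
            avg, cv = periodic
            alerts.append({"src": src, "dst": dst, "port": port, "count": len(stamps),
                           "interval_s": round(avg, 2), "cv": round(cv, 3)})
    return alerts


# Constructed sample: ws-17 checks in with 203.0.113.25 roughly every minute,
# ws-22 talks to 198.51.100.7 irregularly, and both use the intranet wiki.
SAMPLE_LOGS = """\
2024-05-01T10:00:00 ws-17 -> 203.0.113.25:443
2024-05-01T10:00:04 ws-17 -> wiki.example.internal:443
2024-05-01T10:00:00 ws-22 -> 198.51.100.7:443
2024-05-01T10:00:05 ws-22 -> 198.51.100.7:443
2024-05-01T10:01:02 ws-17 -> 203.0.113.25:443
2024-05-01T10:02:01 ws-17 -> 203.0.113.25:443
2024-05-01T10:03:00 ws-17 -> 203.0.113.25:443
2024-05-01T10:04:01 ws-17 -> 203.0.113.25:443
2024-05-01T10:07:30 ws-22 -> 198.51.100.7:443
2024-05-01T10:08:00 ws-22 -> 198.51.100.7:443
2024-05-01T10:30:00 ws-22 -> 198.51.100.7:443
garbage line that the parser should ignore
""".splitlines()

# Monitor: the baseline of destinations normally seen from this network.
BASELINE = {"wiki.example.internal"}

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS, BASELINE):
        print(alert)
```

Real beacons add jitter on purpose, so `max_cv` is a tuning knob rather than a fixed threshold; the baseline set is what keeps a busy but legitimate destination from paging anyone, and it is the part you need to rebuild whenever the environment changes.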

LATERAL MOVEMENT IN THE ENVIRONMENT

Like any infection, malware spreads by moving between hosts and infecting more of them. Most networks are far more robust at the edge than on the inside. 'Zero Trust' alleviates this by erecting reasonably high walls, for both identity and network communication, inside the network.

The first logical step is to understand which machines and applications should (and shouldn't) talk to each other. Implementing these controls must be done with care, since an overly broad block breaks legitimate traffic, but doing so goes a long way towards preventing the proliferation of threats within your network.
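That first step in code, as an added example that is not from the article or its author: hosts are mapped to roles, the policy lists which role may reach which role on which port with everything else denied, and observed flows are audited against it before enforcement so the blocks that would break legitimate traffic show up in review rather than in production. A discovery helper summarises observed traffic into candidate rules for the same review. The inventory, policy and flows are constructed for this example.

```python
"""Allowlisting which machines may talk to each other (added example)."""
from collections import Counter

# Constructed asset inventory mapped to roles; unknown hosts fall into "unknown",
# which no rule grants, so a rogue or unmanaged host is denied by default.
ROLES = {
    "ws-17": "workstation", "ws-22": "workstation",
    "hr-app": "app-server", "hr-db": "database", "jump-01": "admin-jump",
}

# Constructed policy: (source role, destination role, port). Anything not
# listed is denied, which is the Zero Trust default.
ALLOW = {
    ("workstation", "app-server", 443),
    ("app-server", "database", 5432),
    ("admin-jump", "app-server", 22),
    ("admin-jump", "database", 22),
}


def role(host):
    return ROLES.get(host, "unknown")


def is_allowed(src, dst, port, policy=ALLOW):
    return (role(src), role(dst), port) in policy


def audit(flows, policy=ALLOW):
    """Return the observed flows the policy would block, so the policy can be
    reviewed against real traffic before it is enforced."""
    return [f for f in flows if not is_allowed(*f, policy=policy)]


def propose_policy(flows):
    """Discovery step: summarise observed traffic as role-to-role-port triples
    with a count, for a human to accept or reject into the allowlist."""
    return Counter((role(s), role(d), p) for s, d, p in flows)


# Constructed sample of observed flows (src, dst, port).
OBSERVED = [
    ("ws-17", "hr-app", 443),
    ("ws-22", "hr-app", 443),
    ("hr-app", "hr-db", 5432),
    ("jump-01", "hr-db", 22),
    ("ws-17", "ws-22", 445),    # workstation-to-workstation SMB: lateral movement
    ("ws-22", "hr-db", 5432),   # a workstation reaching the database directly
    ("rogue-pc", "hr-app", 443),  # host not in the inventory at all
]

if __name__ == "__main__":
    for rule, count in sorted(propose_policy(OBSERVED).items()):
        print("observed", rule, "x", count, "allowed" if rule in ALLOW else "NOT in policy")
    print("would block:", audit(OBSERVED))
```

Running the audit in report-only mode over a representative window is the "care" the text calls for: every flow it lists is either a rule you forgot to write or a path an attacker would use, and sorting those two out is the actual work of the segmentation project.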

ACCESS & AUTHENTICATION TO DATA

The final goal of any threat actor is access to protected data or the systems that host it. By this point they've gathered credentials and know which machines to access. And because threat actors can sit on the network for months before being detected, they likely already know which data they intend to extract or encrypt.

Organizations prepare for this stage in several ways. First, they should know what protected data is present and where it lives. This tells them what's at risk and lets them build appropriate protections along with response and recovery procedures. Controls that detect or deter the movement of data are also in scope and, when properly deployed, can significantly limit the blast radius of a ransomware attack.

Conclusion

Security programs depend on the time-honored triad of 'People, Process and Technology.' Each provides some benefit on its own, but they work best as part of a complete program that establishes risk appetites and adjusts the security team's priorities based on risk exposure. Building such a program takes planning to avoid unnecessary overlap between solutions or gaps in your protection, but it can be the difference between a breach that is manageable and one that is catastrophic for your organization.

To speak with an expert about building or assessing your program, get in touch with us today.

Contributing Author: Mervyn Chapman
