Security Think Tank: Defenders must get out ahead of complexity

Over the past two years, organisations have experienced a quantum leap in digitisation, adopting an array of new technologies to facilitate remote and hybrid working. Consequently, they are dealing with a more complex technology stack than ever before, which introduces new vectors for cyber criminals to exploit.

In a landscape of heightened cyber threat, regulators worldwide, including the UK’s National Cyber Security Centre (NCSC), have advised organisations to build cyber resilience, but this task is more complex than ever. The interconnection between technologies enables hackers to maximise the impact of their attacks by moving through an organisation’s networks in search of the most valuable assets to exploit.

It’s vital for security teams to begin to understand this threat. Identifying attack pathways can be difficult, but it’s important to note that hackers invariably seek the path of least resistance to attack systems. This means leveraging known credentials and available connections between one system and another, which are often natively available within a network. Where an attack pathway is identified, security teams must drill down and inspect whether these lead to critical assets or other exposed parts of a network.

Security teams must also understand the technologies employed across an organisation and seek to identify vulnerabilities that can be “chained” to build a path. By scanning source code for vulnerabilities, conducting penetration testing of products and services, and working closely with a security operations centre (SOC) to monitor logs of network events across an entire infrastructure, security teams can identify potential vulnerabilities and proactively monitor malicious activities at the perimeter of an organisation’s network.

“If you’re not sure, seek advice. Cyber security is a vast space and you can’t know everything. It’s better to ask for help than to leave the door open for an attack”

Vulnerabilities in software are regularly published as Common Vulnerabilities and Exposures (CVEs). While attackers will begin to develop exploits of identified weaknesses, it is essential that security teams work at pace to identify these attack windows before a pathway is formed.

For future implementations, it’s important to get ahead of the risk. The first step is to ensure that, when new solutions are being considered, the security team is involved from the very beginning. Educate IT teams and users in the importance of security considerations and build processes that ensure your team has a seat at the table from day one. By involving security teams early, organisations can audit new technologies for vulnerabilities before adding them to the network.

IT teams should also adopt the principle of least privilege when it comes to their tech stack. To more effectively facilitate this, organisations can also look into adopting privilege access management (PAM) tools to control, monitor and audit permissions. In addition to this, secure endpoints by removing local admin rights, and implement continuous controls monitoring to ensure that existing technology is configured correctly to reduce the risk of vulnerabilities.

Consider the pathways an attacker may take through your various systems and implement layered security to minimise the paths available. Think of it like the Swiss cheese principle – you want to create a series of barriers. Attackers may make it through one or two of these, but the more layers there are, the lower the chances of them making it all the way through. Important elements to consider are tools to prevent distributed denial of service (DDoS) attacks, phishing, malware and data loss prevention. Also use pen testing to identify and patch vulnerabilities.

My final piece of advice for organisations – and security teams – is this: If you’re not sure, seek advice. Whether that’s from your peers in the security sector, the provider of your technology, or from external cyber security consultants. Ultimately, cyber security is a vast space and you can’t know everything. It’s better to ask for help than to leave the door open for an attack. If you follow these steps, your organisation can begin to make sense of its complex technology ecosystem and build up its security posture.

Jack Chapman is vice-president of threat intelligence at Egress.