Christiaan Beek (Rapid7): “Emerging security risks: A closer look at potential threats”
Emerging security risks: A closer look at potential threats
It will come as little surprise to most people that cyber threats in 2023 have been prolific. From widely exploited and the increase in vulnerabilities to high-profile ransomware and extortion campaigns, this year has already seen more than its fair share of large-scale incidents.
As a security pro, you’re responsible for driving improvements to your organisation’s security posture. That starts with understanding how cyber attackers might target you, what you need to protect, and how well your organisation’s culture supports your security goals.
What are the most pressing cybersecurity threats?
The increase in the exploitation of vulnerabilities by threat actors
The technology sector is about as fast-moving as it gets. Systems are now more interconnected and attack surfaces have grown significantly, creating greater opportunities for threat actors to exploit vulnerabilities. They are taking advantage of weaknesses in software, networks, and human behaviour to compromise security. In 2022 alone, internet users worldwide discovered over 25,000 new common IT security vulnerabilities and exposures (CVEs), the highest reported annual figure to date. And exacerbating this is the rise in sophistication of cyber threats and the ease with which threat actors can access and deploy advanced tools to their advantage.
Cloud misconfigurations are fuelling security breaches.
Misconfigurations pose a significant risk in hybrid environments, as they are quickly and automatically deployed, providing a perfect opportunity for attackers to exploit. Our Cloud Misconfiguration Report shows that this problem is not limited to smaller, less mature organisations. It affects titans of industry with the capital, resources, and personnel to address such an avoidable risk.
Ransomware attacks are rising.
Attacks continue to surge, with over 1,500 known incidents this year, some of which have driven significant collateral damage. New ransomware groups have emerged, and with some targeting new routes into organisations such as file transfer technologies, we expect that downstream victims will significantly outpace primary or direct victims in these types of attacks.
Missing or lax multi-factor authentication are enabling vulnerabilities.
Nearly 40 percent of incidents this year resulted from missing or lax enforcement of multi-factor authentication (MFA). It’s particularly common in VPN and virtual desktops infrastructure. Neglecting or weakly enforcing MFA can heighten the risk of successful attacks, including ransomware.
The trend towards cybersecurity operationalisation
One of the main responses to these threats is the increasing operationalisation of security. Operationalising cyber security means implementing best practices and applying the same rigour to security as you would for any other element of the business. A useful approach is to implement a target operating model (TOM). A TOM enables you to align your organisation on risk tolerance and management of risks and threats.
A good model includes training to build a security-conscious culture; measurement of risk, threats and response metrics; accountability and agreed processes, adequate resourcing; and automation of routine security tasks such as administrative duties, patch management, incident detection, response, and remediation.
Core principles to address cybersecurity challenges
By adopting the following strategies, organisations can reduce their risk footprint, and act faster to contain attacks in hybrid IT environments.
‘Shift left’ to prevent problems before they happen
Prevent problems before they happen, with a single, consistent set of security checks to uncover misconfigurations and policy violations without delaying deployment. It gets us closer to solving issues at their root cause, prevents recurrence, and improves the working relationship between the security team and developers supporting a fast pace of innovation for their organisation.
Reduce the noise
A priority should be gaining visibility across the entire hybrid footprint, and unifying terminology and context so you can understand the top risks. That way you can simplify risk assessment and decision-making processes for not only your security teams but management as well.
Automation is a key tool in your security approach. It aims to take away the need for a user to perform every single security task but retain human oversight. Machine learning, anomaly detection, and integrated threat intelligence can identify and prioritise potential threats. Then orchestration tools can catch and fix misconfigurations before you realise they were ever there.
The importance of connection and knowledge sharing
Conversation and discussion between professionals and industry are essential to staying informed about current threats, best practices, and potential solutions.
Participating in networking opportunities, such as Cybersec Netherlands, can help security professionals stay at the forefront of the rapidly evolving threat landscape and contribute to your organisation’s security posture.
Begin your journey
To learn more about how to prevent potential threats and maintain a strong security posture, join Christiaan Beek, Senior Director of Threat Analytics, Rapid7 at CyberSec Netherlands, “The unicorn that has a rainbow of vulnerabilities.”