With the expanding perimeter companies are creating as they move more of their business into the cloud, as well as the addition of work-from-home network connections, there is a greater attack surface for hackers to penetrate. Focusing on these three attack surface risk reduction best practices will help security managers protect their programs.
As the recent cyberattack on Garmin proves, malicious actors are continuing to infiltrate networks of industry leaders, gaining access to thousands of sensitive customer and employee data points. The detrimental effects of the breach left users of Garmin products, from large airline companies to individual fitness gurus, with temporarily frozen devices, not knowing when the problem would be solved. While the details of the Garmin breach are not yet fully known, it isn't shocking to think that their massive attack surface wasn’t completely protected from malicious actors.
Here are three best practices to follow when protecting your attack surface:
Securing your endpoints, or points of access to your enterprise network that malicious actors will work to infiltrate, is an important step when protecting your business’s growing attack surface. Your endpoints probably extend further than you think, and can include both physical endpoints like laptops, desktops, mobile phones, and tablets, as well as digital environments like services and virtual territory. A few best practices to consider to confidently monitor your endpoints include:
Another attack surface risk reduction best practice to reduce the chance of malicious attacks before they occur in your network is to visualize your attack surface vulnerabilities through simulation and forecasting. Different software providers or risk analysis programs can run scenarios through your network to mimic a malicious attacker, giving you a picture of where your vulnerable spots are and what damage could occur. BitSight for Security Performance Management provides a Forecasting tool that gives users an outsider’s view into their cybersecurity performance and where the gaps might exist. Forecasts reveal an attainable level of security performance for any organization along with action items necessary to achieve projected performance.
Using tools like attack and patch forecasting lets security leaders run tests on the programs they work so hard to build, so vulnerabilities can be recognized and patched before they’re taken advantage of. It also can allow users to test different patch solutions to see what has the greatest impact on security.
No matter how many software controls or programs you put in place to guard your attack surface, the opportunity for human error to lead to a cybersecurity attack is something that is hard to prepare for. Providing your employees with proper training to avoid common mistakes like falling for phishing scams is a good best practice for preventing human error across your attack surface. An interesting thing to note about social engineering, especially with phishing emails and communication attempts, is the increased pull on a receiver’s emotions. Emotionally motivated attacks are using human empathy more and more to trick employees into providing compromising information, so adapting training to cover up-to-date phishing styles is important.
Limiting the devices employees are allowed to use for work-related data is another attack surface risk reduction best practice. Requiring security measures such as VPN login systems, frequent password changes, or two-factor authentication is a good way to force employees to follow security measures surrounding their company network access. When it comes to protecting data run and stored with cloud computing services, a common best practice is to switch ownership of control accounts every few weeks so a new person has administrator access to the service. All of these are considered attack surface risk reduction best practices because they limit the window of time for malicious actors to discover a user’s password, as well as mitigate negative outcomes of losing or forgetting a password.
According to the AWS shared responsibility model, it is the company’s responsibility to properly train its employees on cloud service access, as well as successfully integrate the service into its systems to properly protect all vulnerable points. Being on top of employee cybersecurity training can save time and money by reducing the risk of detrimental human errors.
For more resources on how to implement attack surface risk reduction best practices, or improve on what you currently have in place, download our whitepaper on risk reduction in expanding ecosystems.