
Attacks/Breaches

4/15/2020 10:00 AM
Dave Meltzer
Commentary
Cybersecurity Prep for the 2020s

The more things change, the more they stay the same. Much of the world is still behind on the basics.

How would your security program run differently if your perspective were shaped around attack-surface reduction? It's a great way to reframe how your organization approaches security, especially when it comes to implementing the same basic controls that continue to be your very best line of defense against cyberattacks.

First off, what does "attack surface" mean? This term gets thrown around plenty within the infosec bubble, but are we all talking about the same thing? The first term you often hear people talk about is that of attack vectors. An attack vector really isn't much more than some avenue that a bad actor can use to exploit your systems, your networks, and your information.

The attack surface, then, is just the sum of all the attack vectors for your organization — the total surface area of potential system exposure, be it systems in your data center, laptops in the field, cloud applications, connected industrial systems, or any combination of these hybrid environments you may have.

If It's Boring, You're Probably Doing It Right
Consider the latest breach headline you've read: in some way or another, it relates back to an exploited attack vector such as an unpatched vulnerability. So, what's new about attack vectors? Nothing. The breaches making headlines today come from the same issues we've been seeing in cybersecurity for the past 20+ years. They're the result of unpatched vulnerabilities, misconfigurations, lapses in system updates, human error, and other run-of-the-mill oversights. In 2020, much of the world is still behind on the unglamorous basics.

Because let's face it: The basics are boring and often difficult to maintain. That's a tough combination to take on, especially when the cybersecurity industry touts a continuous stream of shiny new silver-bullet solutions meant to revolutionize the way systems are secured — if only such a thing existed.  

New Environments, New Risks, Same Control
Every organization has a unique attack surface. But an increasing number of organizations have one thing in common: changing infrastructure. Modern enterprises are adopting new systems and rolling out new environments, including the cloud and the Internet of Things. The range of devices we're trying to protect today is wider than what we had in the past. We've always had to protect servers, laptops, endpoints, databases, and applications. Today we have to expand that to include cloud offerings: a very large array of services that are constantly evolving across shifting public and private cloud platforms.

New infrastructure means new attack vectors, thereby increasing the organization's overall attack surface. This includes technology such as smart light bulbs, smart buildings, and other connected systems. But it's not just the surface; the ways people attack these systems are also evolving. The scale and complexity of cyberattacks both increase every year, and the number of vulnerabilities is growing to match. With global breaches exposing millions of private records at once, it's plain to see that threat actors have quickly learned to leverage the cloud on a level that might have been unfathomable a decade ago. The situation calls for security practitioners to ask themselves how they can extend the coverage of their existing security infrastructure into these new system environments.

What's the Cloud Got to Do with It?
Let's say you were an early adopter of public cloud storage using AWS S3 buckets. In that service's early days, much less attention was being paid to exploiting the technology. But as more organizations adopt it, attackers pay increasing attention to how it can be exploited; your attack surface changes in relative importance and in nature based on the technology that others adopt as well.

For example, Orvibo, a manufacturer of IoT smart home devices, exposed 2 billion records, including customer information, over the Internet. Because all of these IoT devices connect to a common cloud environment that aggregates all their data in one place, attackers have a central place to break into all of these systems.

Today, the cloud is one of the biggest attack surfaces organizations need to worry about. Many organizations are still at a very early stage of maturity in their cloud adoption. So, whereas some companies in the financial sector, for example, have already invested heavily in cloud security, companies in areas like manufacturing, retail, and healthcare are just starting to dip their toes into the cloud.

How to Approach Cybersecurity in the 2020s
The reality is that we're only getting more complexity with the advancement of new technologies, along with a security market that keeps growing as niche startups appear. Combine the number of new security tools with the growing attack surface and the increase in attack vectors, and it's clear that the complexity of what we're trying to protect increases year over year. When you have more complexity, you have more risk.

However, system complexity doesn't need to be a root cause for security failures if the right basic controls are being enforced consistently across the entire environment. One of the most critical things to be aware of is whether or not you're using the right cybersecurity framework. Recently, there's been increasing adoption of the NIST cybersecurity framework, for example. Whether you're using NIST or one of the other security frameworks out there (such as ISO 27002, CIS Top 20, IEC 62443), you need to understand that framework in depth and know how you are going to iterate and continuously improve security with it.

To be successful now, you must focus on your framework and on maturing in different security areas, making sure you're getting the basics right first and foremost. Doing those basics right, identifying the gaps and investing in addressing them, and patching your vulnerabilities — the answer in 2020 is the same as the answer 20 years ago. 

David Meltzer is Chief Technology Officer at Tripwire, a leading provider of security, compliance, and IT operations solutions for enterprises, industrial organizations, service providers, and government agencies (www.tripwire.com). He began building commercial security ...

Comments
VerifyWithSMS, User Rank: Apprentice, 4/21/2020 | 6:48:32 PM
Re: good post, interesting content
Excellent content! +1
mpuig9406, User Rank: Apprentice, 4/19/2020 | 11:38:53 PM
good post, interesting content
good post, interesting content