Attacks/Breaches

4/15/2020
10:00 AM
Dave Meltzer
Commentary
Cybersecurity Prep for the 2020s

The more things change, the more they stay the same. Much of the world is still behind on the basics.

How would your security program run differently if your perspective were shaped around attack-surface reduction? It's a useful way to reframe how your organization approaches security, especially when it comes to implementing the same basic controls that continue to be your very best line of defense against cyberattacks.

First off, what does "attack surface" mean? This term gets thrown around plenty within the infosec bubble, but are we all talking about the same thing? The first term you often hear people talk about is that of attack vectors. An attack vector really isn't much more than some avenue that a bad actor can use to exploit your systems, your networks, and your information.

The attack surface, then, is just the sum of all the attack vectors for your organization — the total surface area of potential system exposure, be it systems in your data center, laptops in the field, cloud applications, connected industrial systems, or any combination of these hybrid environments you may have.

If It's Boring, You're Probably Doing It Right
Consider the latest breach headline you've read: it relates back, in some way or another, to an exploited attack vector such as an unpatched vulnerability. So, what's new about attack vectors? Nothing. The breaches making headlines today come from the same issues we've been seeing in cybersecurity for the past 20+ years. They're the result of unpatched vulnerabilities, misconfigurations, lapses in system updates, human error, and other run-of-the-mill oversights. In 2020, much of the world is still behind on the unglamorous basics.

Because let's face it: The basics are boring and often difficult to maintain. That's a tough combination to take on, especially when the cybersecurity industry touts a continuous stream of shiny new silver-bullet solutions meant to revolutionize the way systems are secured — if only such a thing existed.  

New Environments, New Risks, Same Control
Every organization has a unique attack surface. But an increasing number of organizations have one thing in common: changing infrastructure. Modern enterprises are adopting new systems and rolling out new environments, including the cloud and the Internet of Things. The range of devices we're trying to protect today is broader than what we had in the past. We've always had to protect servers, laptops, endpoints, databases, and applications. Today we have to expand that to include cloud offerings: a very large array of services that are constantly evolving across shifting public cloud and private cloud platforms.

New infrastructure means new attack vectors, thereby increasing the organization's overall attack surface. This includes technology such as smart light bulbs, smart buildings, and other connected systems. But it's not just the surface; the ways that people are going to attack these systems are also evolving. The scale and complexity of cyberattacks are both increasing every year, with a larger volume of vulnerabilities to match. With global breaches that expose millions of private records at once, it's plain to see that threat actors have quickly learned how to leverage the cloud on a level that might've been unfathomable a decade ago. The situation calls for security practitioners to ask themselves how they can extend the coverage of their existing controls into these new system environments.

What's the Cloud Got to Do with It?
Let's say you were an early adopter of public cloud storage using AWS S3 buckets. In that service's early days, much less attention was being paid to exploiting the technology. But as more organizations adopt it, attackers increase the attention they pay to how it can be exploited; your attack surface changes in relative importance or in nature based on the technology that others adopt as well.

For example, Orvibo, a manufacturer of IoT smart home devices, exposed 2 billion records of data, including customer information, over the Internet. Because all of these IoT devices connect up to a common cloud environment, aggregating all data in one place, that gives attackers a central place to break into all of these systems.

Today, the cloud is one of the biggest attack surfaces that organizations need to worry about. Many organizations are still at a very early maturity stage in their cloud adoption. So, whereas some companies in the financial sector, for example, have already invested heavily in cloud security, other companies in areas like manufacturing, retail, and healthcare are just starting to dip their toes into the cloud.

How to Approach Cybersecurity in the 2020s
The reality is that we're only getting more complexity with the advancement of new technologies, along with the growth of the security market as niche startups multiply. Combining the number of new security tools with the growing attack surface and the increase in attack vectors, it's clear that the complexity of what we're trying to protect increases year over year. When you have more complexity, you have more risk.

However, system complexity doesn't need to be a root cause for security failures if the right basic controls are being enforced consistently across the entire environment. One of the most critical things to be aware of is whether or not you're using the right cybersecurity framework. Recently, there's been increasing adoption of the NIST cybersecurity framework, for example. Whether you're using NIST or one of the other security frameworks out there (such as ISO 27002, CIS Top 20, IEC 62443), you need to understand that framework in depth and know how you are going to iterate and continuously improve security with it.

To be successful now, you must focus on your framework and on maturing in different security areas, making sure you're getting the basics right first and foremost. Doing those basics right, identifying the gaps and investing in addressing them, and patching your vulnerabilities — the answer in 2020 is the same as the answer 20 years ago. 

David Meltzer is Chief Technology Officer at Tripwire, a leading provider of security, compliance, and IT operations solutions for enterprises, industrial organizations, service providers, and government agencies (www.tripwire.com). He began building commercial security ...

Comments
VerifyWithSMS, User Rank: Apprentice, 4/21/2020 | 6:48:32 PM
Re: good post, interesting content
Excellent content! +1

mpuig9406, User Rank: Apprentice, 4/19/2020 | 11:38:53 PM
good post, interesting content
good post, interesting content