With the constantly evolving nature of cyberattacks, it is not enough to have a system for detecting threats and countering security assaults. Detection, mitigation, and remediation should be done in a timely and efficient manner. Delays can be disastrous. Allowing hackers a few more minutes to stay in the system can have dire consequences.
An overwhelming majority of hacking incidents take a few minutes to complete and weeks to discover. This is according to a Verizon study, which revealed that 93 percent of hacks took only minutes, while 80 percent of the victims discovered the breach only after weeks had passed.
There is an urgency for organizations to improve their existing cyber defenses. It is not enough to have the basic security controls in place. Consider the following pointers to ensure the prompt detection of threats and vulnerabilities before they become serious problems.
Conduct continuous security testing
For years, organizations have relied on penetration testing to evaluate the effectiveness of their security solutions. However, it is becoming apparent that traditional pen testing no longer suffices. One-off and periodic security testing procedures cannot keep up with the increasing volumes and sophistication of cyberattacks.
Continuous security validation or testing is now the recommended strategy in dealing with the new cyber threat landscape. One-time, occasional, and periodic testing strategies are not only outdated; they do not provide adequate assurance of reliable cybersecurity.
As Gartner’s How to Respond to the 2020 Threat Landscape paper points out, “assessing widespread security threat trends, such as ransomware and phishing, requires a continuous adaptive risk and trust assessment strategic approach.” Cybercriminals ceaselessly launch attacks and devise new ways to break security controls. It only makes sense to counter them with an equally persistent defensive posture. Not doing so will most likely create opportunities for hackers and other bad actors to exploit vulnerabilities or security weaknesses that inevitably emerge in networks or systems over time.
Continuous testing enables extensive visibility across the full cyber kill chain. This is possible because of the ability of continuous security validation platforms to integrate data from various security controls and present them in a unified dashboard for more convenient access and analysis. With this, security teams get to see threats as they emerge and implement the necessary mitigation or remediation actions.
Additionally, many continuous security validation platforms also support red/purple team exercises to further boost security testing procedures. These exercises can be tailor-made to match the specific needs and security policies of an organization.
The idea of conducting continuous security penetration testing may sound daunting, but it actually is not. By choosing the right security validation platform, the process can become quick and easy. Leading security validation platforms incorporate artificial intelligence to automate the simulation of attacks and analyze cyber threat information.
They can also provide urgency indicators or rankings to help security teams spot the most critical vulnerabilities and address them promptly. Security controls often output large amounts of security data, including alerts and notifications. If the data are presented only in chronological order, there is a very high likelihood that the most critical information will be run over in a stampede of unsorted data.
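The ranking idea above, as an added example that is not part of the original article: instead of reading alerts in arrival order, each one is given an urgency score from its severity, the criticality of the affected asset, and whether a public exploit exists, and the queue is sorted by that score. The weight tables, the Alert fields and the sample alerts are constructed for this example and are not a standard scale.

```python
"""Ranking alerts by urgency rather than arrival order (added example)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List

# Weights are assumptions chosen for this example, not a vendor or standard scale.
SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 7, "critical": 10}
ASSET_WEIGHT = {"workstation": 1, "server": 2, "domain_controller": 4}


@dataclass(frozen=True)
class Alert:
    alert_id: str
    received_at: datetime
    severity: str            # one of SEVERITY_WEIGHT
    asset_class: str         # one of ASSET_WEIGHT
    exploit_available: bool  # a public exploit exists for the matched weakness


def urgency_score(alert: Alert) -> int:
    """Combine severity, asset criticality and exploitability into one rank."""
    score = SEVERITY_WEIGHT[alert.severity] * ASSET_WEIGHT[alert.asset_class]
    if alert.exploit_available:
        score *= 2  # known-exploitable weaknesses jump the queue
    return score


def triage(alerts: List[Alert]) -> List[Alert]:
    """Most urgent first; ties broken by oldest first so nothing starves."""
    return sorted(alerts, key=lambda a: (-urgency_score(a), a.received_at))


def sample_alerts() -> List[Alert]:
    """Constructed sample feed in arrival (chronological) order."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    return [
        Alert("A-1", t0, "low", "workstation", False),
        Alert("A-2", t0.replace(minute=5), "medium", "server", False),
        Alert("A-3", t0.replace(minute=10), "critical", "domain_controller", True),
        Alert("A-4", t0.replace(minute=15), "high", "server", True),
        Alert("A-5", t0.replace(minute=20), "critical", "domain_controller", False),
    ]


if __name__ == "__main__":
    for alert in triage(sample_alerts()):
        print(alert.alert_id, urgency_score(alert))
```

In arrival order the critical domain-controller alert sits third; after triage it comes first, and the low-severity workstation alert that arrived first drops to the bottom. The tie-break on arrival time keeps equally scored alerts from being starved indefinitely.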
Integrate the MITRE ATT&CK framework
In addition to continuous security testing, taking advantage of the MITRE ATT&CK framework is also recommended. The result of the collaboration of security experts worldwide, the framework serves as a knowledge base for the latest cyber threat techniques and tactics. It informs security teams about the signs or manifestations of attacks as well as the strategies to mitigate their impact and prevent them from successfully penetrating security defenses.
MITRE ATT&CK provides a matrix of attack information, which serves as a handy guide on how to detect and eliminate an attack. It includes information on reconnaissance, resource development, initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, and lateral movement.
Establish security protocols, rules, and best practices
Anomalies become more easily detectable when there are protocols and standards set in place. Having clear protocols and best practices creates a sense of predictability, which highlights the changes that occur when a vulnerability emerges or an attack successfully penetrates the defenses.
This is particularly useful in dealing with zero-day exploits, which are notably difficult to detect and prevent. Security best practices such as the following can significantly reduce the chances of falling prey to zero-day attacks.
Prompt patching and updates
Enforcing a policy of promptly updating or patching all the software or apps used in an organization drastically lessens the possibility of successful zero-day attacks. Security patches are the best solution against these attacks.
Input validation and sanitization
Essentially, what input validation and sanitization seek to achieve is the elimination of unexpected outcomes when untrusted or malformed inputs are entered into programs or applications. There are instances when the entry of special characters into an app causes it to behave erratically or opens up security vulnerabilities. It is preferable for the organization to learn about these first, before bad actors discover and exploit them.
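The two techniques side by side, as an added example that is not part of the original article. Validation rejects anything outside an allowlist of what the application expects (here a username pattern and a TCP port range); sanitization neutralizes special characters at the point where free text is placed into an output context, shown as the unsafe concatenation beside its escaped form. The field names, the allowlist pattern and the greeting template are assumptions made for this example.

```python
"""Input validation (reject) versus sanitization (neutralize) (added example)."""
import html
import re
from typing import Optional

# Validation: accept only what the application expects and reject the rest.
# Assumed rule for this example: 3-32 characters from [A-Za-z0-9_.-].
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{3,32}$")


def validate_username(raw: str) -> Optional[str]:
    """Return the username if it matches the allowlist, otherwise None."""
    if not isinstance(raw, str) or not USERNAME_RE.fullmatch(raw):
        return None
    return raw


def validate_port(raw: str) -> Optional[int]:
    """Parse a TCP port; reject non-digit text and out-of-range values."""
    if not isinstance(raw, str) or not re.fullmatch(r"[0-9]{1,5}", raw):
        return None
    port = int(raw)
    return port if 1 <= port <= 65535 else None


# Sanitization: when free text must be accepted (a display name), escape the
# characters that carry meaning in the output context instead of rejecting it.
def sanitize_for_html(raw: str) -> str:
    """Escape <, >, &, and quotes so user text cannot become HTML markup."""
    return html.escape(raw, quote=True)


def render_greeting_unsafe(display_name: str) -> str:
    """'Before' form: user text concatenated straight into markup."""
    return f"<p>Welcome, {display_name}!</p>"


def render_greeting(display_name: str) -> str:
    """Hardened form: the same template with the text escaped first."""
    return f"<p>Welcome, {sanitize_for_html(display_name)}!</p>"


if __name__ == "__main__":
    # Constructed inputs: one well-formed, one carrying shell metacharacters.
    for candidate in ["alice_01", "alice; rm -rf /"]:
        print(repr(candidate), "->", validate_username(candidate))
    print(validate_port("443"), validate_port("70000"), validate_port("80a"))
    print(render_greeting_unsafe("<b>guest</b>"))
    print(render_greeting("<b>guest</b>"))
```

The distinction matters for the erratic-behaviour case the paragraph describes: a validated field never reaches the program logic in an unexpected shape, while a sanitized field still arrives intact but can no longer change the meaning of the output it is embedded in.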
Runtime Application Self-Protection (RASP)
RASP is one of the more recent solutions developed against zero-day attacks. RASP agents can be run in applications to evaluate request payloads against the context of the app code at runtime to check whether a request is legitimate or malicious. As the phrase suggests, Runtime Application Self-Protection makes it possible for applications to protect themselves.
Constant awareness or zero-day initiative
Zero-day exploits entail a race to be the first to discover a vulnerability. If bad actors learn about them first, they get the chance to take advantage of the security weakness and penetrate security defenses. However, if employees or the organization discover the vulnerabilities first, they get to implement solutions before anyone manages to exploit the defects or issues.
Through a zero-day initiative, companies can set up a reward system for those who report unknown security vulnerabilities or partner with other organizations to establish a collaborative cyber threat intelligence network.
Get everyone involved
Cybersecurity is no longer the sole responsibility of IT departments. With most employees nowadays having access to various IT resources of an organization, it only makes sense to encourage everyone’s involvement in ensuring effective cybersecurity.
“Clearly, cybersecurity is everybody’s problem. It’s high time this truth was recognized, starting with the executive suite on down,” writes cybersecurity expert Andrew Douthwaite in a CSO Online piece about who should be responsible for cybersecurity.
Organizations will benefit greatly from having workshops or training sessions on how everyone can be part of the cybersecurity solution of an organization. It bears pointing out that people are still the weakest link in the cybersecurity chain. Human error and negligence rank among the top reasons why cyberattacks succeed. A study by IBM found that around 95 percent of IT security breaches are attributable to human error.
To address this alarming weakness, it is essential to educate employees and everyone in an organization to become aware of social engineering tactics and the schemes used by cybercriminals to take advantage of tech user naivete. Everyone needs to learn how to become a part of the solution instead of remaining as a weakness or a component of the cybersecurity problem.
The prompt detection and resolution of security vulnerabilities require an aggressive effort on the part of organizations. It is not enough to rely on the deployment of security solutions. Conducting continuous security testing is fundamental. Additionally, organizations need to adopt collaborative cyber threat intelligence, security best practices, and a mindset of getting everyone involved to make sure that vulnerabilities are addressed as soon as possible.