London’s financial district. — Image by © Tim Sandle
There are a number of areas that can be utilised in order to reduce potential cybersecurity vulnerabilities. Identifying these areas and putting them together into a comprehensive strategy can be challenging. To provide a starting point, the security SaaS company Indusface has outlined the areas for businesses to consider. The output has been provided to Digital Journal for review.
The types of areas to focus on include:
Understand your external attack surface
Large organisations struggle with maintaining an inventory of all external facing assets that could be accessed on the Internet.
The first step is to understand this risk and employ attack surface discovery tools to make a list of all the public-facing websites, applications, and IPs.
Scan the attack surface for vulnerabilities
An analysis by MITRE ATT&CK found that over 50 percent of cybersecurity incidents are a result of remote code execution. This is many times more prevalent than phishing attacks, which cause around 10 percent.
Code injections can only happen when applications have vulnerabilities such as cross-site scripting or HTML injection.
Once you identify the attack surface, the next step is to scan all of your business’s critical applications for vulnerabilities such as the above.
Most compliance guidelines also mandate annual manual penetration testing by certified experts.
Patch vulnerabilities regularly
The next step is to patch vulnerabilities on time. Most studies say that even critical and high-severity vulnerabilities are patched 200+ days after they were first discovered.
Reasons include a lack of expertise in applying patches (seen during last week’s CrowdStrike incident), legacy code or fear of disrupting business continuity.
The alternative is to virtually patch the vulnerabilities on a WAAP (web application and API protection platform) or a WAF (web application firewall) so that, at the least, the vulnerability cannot be exploited while the team buys time to deploy patches in the code.
Perform Log Analysis Regularly
Next is to perform regular analysis of access logs, request logs, response logs and so on. This is where artificial intelligence really shines: it can call out anomalies that could point to attacks on applications, and that intelligence can in turn be used to tune security policies.
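The log-analysis step above, as an added example that is not code from Indusface or the original article: a small Python script that parses constructed access-log lines in Combined Log Format, profiles each client, flags two anomaly patterns (a high 4xx/5xx ratio and a request burst), and then derives a per-client rate limit from the clients that behaved normally, which is the "tune security policies" feedback loop the text describes. The thresholds, the headroom factor and the sample log lines are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample access log in Combined Log Format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Aug/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2024:10:00:31 +0000] "GET /about HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Aug/2024:10:00:06 +0000] "GET /admin HTTP/1.1" 404 0 "-" "curl/8.0"
198.51.100.9 - - [10/Aug/2024:10:00:06 +0000] "GET /backup HTTP/1.1" 404 0 "-" "curl/8.0"
198.51.100.9 - - [10/Aug/2024:10:00:07 +0000] "GET /config HTTP/1.1" 404 0 "-" "curl/8.0"
"""
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
def parse_log(text):
    """Parse Combined Log Format lines; lines that do not match the format are skipped."""
    entries = []
    for m in filter(None, map(LOG_RE.match, text.splitlines())):
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        e["status"] = int(e["status"])
        entries.append(e)
    return entries
def profile_clients(entries):
    """Per-client counters: request count, 4xx/5xx responses and the timestamps seen."""
    prof = defaultdict(lambda: {"requests": 0, "errors": 0, "ts": []})
    for e in entries:
        p = prof[e["ip"]]
        p["requests"] += 1
        p["errors"] += int(e["status"] >= 400)
        p["ts"].append(e["ts"])
    return prof
def rate(p):  # requests per second over the client's observed window, floored at 1 s
    return p["requests"] / max((max(p["ts"]) - min(p["ts"])).total_seconds(), 1.0)
def flag_anomalies(prof, min_requests=3, max_error_ratio=0.5, max_rps=1.0):
    """Return {ip: [reasons]} for clients whose traffic departs from ordinary browsing."""
    flags = {}
    for ip, p in prof.items():
        reasons = []
        if p["errors"] / p["requests"] > max_error_ratio:
            reasons.append("high error ratio: probing for resources that do not exist")
        if rate(p) > max_rps:
            reasons.append("request burst above %.1f req/s" % max_rps)
        if reasons and p["requests"] >= min_requests:  # a handful of 404s is not evidence
            flags[ip] = reasons
    return flags
def suggest_rate_limit(prof, flags, headroom=3.0):
    """Feed the finding back into policy: a per-client limit with headroom over the busiest normal client."""
    normal = [rate(p) for ip, p in prof.items() if ip not in flags]
    return headroom * max(normal) if normal else None
```

On the sample, only 198.51.100.9 is flagged (three 404s within one second), and the suggested limit is three times the rate of the ordinary browsing client.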
Encourage individual accountability
Employees should recognise the personal implications of their workplace being involved in a data breach and have a strong understanding of endpoint security.
In 2023, over 352 million individuals were affected by data compromises, highlighting just how critical it is for organisations to provide employees with comprehensive training on what constitutes sensitive data and how they can protect it, as well as what is at stake if they do not adhere to the policies. Sensitive data of this nature could provide the blueprint to future personal attacks.
If employees understand that attacks don’t just affect the business, it will aid engagement on a more intrinsic level. Additionally, understanding the frequency of attacks will solidify their engagement.
Employ encryption software
Encryption software provides peace of mind about the data breach risks associated with remote working: if sensitive files are encrypted, then even if someone were able to steal them, they would not be able to access the data or content.
Employers should create security policies that ensure all workers, especially remote workers, are aware of how to encrypt files and when it is necessary. Furthermore, routine checks can be done to ensure this is being followed.
Utilise VPNs across the business
With data breaches costing businesses an average of $4.45 million in 2023, it is vital to invest in tools that can cover vulnerabilities.
As a defence against the risks that come with employees accessing work materials via unsafe home and public networks, all workers should be encouraged to use a virtual private network (VPN). This software is easy to implement and protects data that could otherwise be vulnerable to attacks over an open network.
AI usage policies
If a business relies heavily on its AI system, this may speed up how quickly things get done, but it also increases the risk of a cyber attack, as the system is likely to hold a wealth of crucial business information, from private consumer data to financial data on the business itself. The same AI-based policies that deliver business benefits in speed can become the biggest risk, with attack vectors exploiting business logic and stealing more critical data.
Remote working policies
Venky Sundar, Founder and President – Americas, Indusface, has told Digital Journal about the data security risks that come with increased remote working:
“Remote working means people are working in less secure environments and their devices are more exposed to data breaches both digitally and physically. Many remote workers are using the same device for professional and personal use, or even accessing company data on devices shared with other household members.”
“Employers can no longer rely on the security strategies that were designed for in-office working; data is no longer just being accessed under one office roof where IT can supervise.
“Security policies can therefore be designed while assuming that a hack is inevitable. Even if an employee’s laptop is compromised, every business should design systems in such a way that hackers cannot access critical IT infrastructure through the employee’s endpoint and limit the damage. Therefore a holistic policy on both application security and endpoint security is essential.”