With network breaches making CIOs’ jobs increasingly challenging, Intelligent CIO asked Maher Jadallah, Regional Director – Middle East, Tenable, how they can best be avoided. Here is his response:
Today’s enterprise is extremely complex, being composed of both traditional and modern IT assets, and boundaryless, given it’s no longer confined by the organisation’s physical premises.
The number of available assets to target has expanded the attack surface and, bluntly, many organisations are struggling. CIOs don’t know what they have, they don’t know where it is, and they don’t know how to protect it. This cyber-exposure gap leaves the organisation vulnerable and threat actors are exploiting this ignorance.
Compared to 20 years ago, cybercriminals can make millions from cyberattacks. Databases of credit card details, passwords and other personal information are regularly traded on the Dark Web. Malware infections can see organisations held to ransom. As long as it continues to be easy for cybercriminals to break in and monetise the attack, they’re going to keep doing it.
Nearly all of the big breaches and cyber-incidents weren’t perpetrated by a nation-state, nor were they particularly advanced; the attackers were just persistent and exploited a known vulnerability. All too often networks are being broken into as attackers leverage known flaws that have been left unpatched.
However, finding and fixing vulnerabilities isn’t straightforward. In the first 45 days of 2019, 405 IT and 45 OT (operational technology) vulnerabilities were discovered and that number has been added to every day since.
Due to the exponential growth in vulnerabilities, it’s no longer enough to simply prioritise risk based on high severity or exploitability. The volume alone is more than this approach can handle and can leave companies in hot water if not dealt with accordingly and in a timely manner.
While the number of vulnerabilities has increased, the number being exploited is only a small fraction of the total. For that reason, it’s imperative that CIOs have an accurate view of the entire attack surface. Doing so means you can effectively respond to those vulnerabilities which represent the greatest threat to the organisation. This can be broken down into three key disciplines:
- Make sure you have visibility into all aspects of your organisation’s attack surface – including cloud resources, containers, industrial control systems and mobile devices, which may or may not be on IT’s radar. As part of this inventory, determine where specific threats exist – for example, if you’re particularly diligent about deploying patches then the latest Windows vulnerability may not be as big a concern as it would be for an enterprise that hasn’t patched its systems in seven years. By identifying where your exposures are – or where they are likely to be – you reveal the larger picture of what’s at risk.
- Next is to clarify which assets are most critical to your business in order to respond to the threats forcefully and appropriately. Determine the criticality of each asset and rank its importance in terms of response times. Then update this information regularly. Asset tagging is a good place to start building an inventory of assets based on their criticality.
- The final piece of the puzzle is gaining insight into which vulnerabilities are currently being exploited in the wild, along with early warnings about those likely to be attacked in the near future. Having access to this kind of information allows security teams to prioritise their threat response based on the criticality of the asset, threat intelligence and probability analysis.