By Phil Lewis, CEO, Titania
Cyberattack vectors change as frequently as the weather. Finding new ways to infiltrate systems keeps criminals thriving and cybersecurity teams on their toes. The sheer number of threats can result in severe ‘alert fatigue’ and response times that leave businesses exposed. Determining which threats pose a real cyber risk to the business, based on attack surface posture at any given time, is fast becoming the only way to get ahead.
Of course, today, it’s more critical than ever for businesses to be able to proactively shut down real-world attacks before they occur. Not only does preventing cyberattacks protect your business from loss (IBM’s recent Cost of a Data Breach Report calculated that the global average cost of a data breach in 2023 was $4.45 million), but it can also deliver better business outcomes. Accenture reports that some organizations use cybersecurity as a differentiator to help them undergo effective digital transformations.
This is why most organizations have invested significantly in trying to attack-proof their networks, relying on solutions that automate both threat detection and response. Automation solutions range from looking for known threats with known signatures to anomaly detection – looking for potential indicators of compromise from zero-day threats, where signatures have yet to be identified.
There is no one-size-fits-all solution. Effective threat detection and management needs both a reactive and a proactive approach to shutting down attacks. Whilst improving reactive approaches is often the focus for organizations, it shouldn’t come at the detriment of proactive security.
What are cyber risk teams missing that they should consider for more comprehensive threat detection?
Even with effective response automation in place, knowing where to focus remediation efforts first, by viewing your attack surface through the attackers’ lens, is a game-changing way to reduce your attack surface and buy more time to discover and respond effectively to an attack. Attackers target different industries with differing objectives, using different attack techniques and tactics. So cyber risks relating to the attack surface need to be managed based on trusted industry-specific attack vectors and threat analysis.
This can be achieved using industry-specific attack guidance from trusted organizations like DHS CISA, FBI, MITRE in the US, and NCSC in the UK, as well as trusted threat intelligence vendors. These organizations provide valuable insights into the latest threats and attack techniques, which can help organizations stay ahead of emerging threats.
To complement this approach, vulnerability management teams should apply a similar attacker’s lens to attack surface risk management. Prioritizing the remediation of vulnerabilities known to be used in industry-specific attack vectors allows teams to reduce the risk of an effective attack through improved incident prevention.
Continuous vulnerability management solutions underpin the proactive approach, providing a view of the entire attack surface and improving incident prevention, forensics, and response. This approach helps organizations identify and address vulnerabilities before attackers exploit them.
Another often overlooked detection strategy is historic attack surface posture analysis. This analysis is vital to incident forensics, effectively informing incident response scope and focus based on posture at the time of the first indicator of compromise rather than when the threat was first found.
By analyzing the attack surface posture at the time of the first indicator of compromise, organizations can better understand the potential scope of the attack and focus their response efforts accordingly.
While these measures can help organizations improve their threat detection capabilities, it is important to remember that the longer a threat goes undetected, the longer it can move around the network to achieve its attack goal. So, having a comprehensive incident management plan that includes proactive incident prevention as well as reactive incident response is vital.
An ounce of incident prevention is worth a pound of incident response
After being underrated in recent years in favor of threat management automation solutions, effective attack surface management and incident prevention are now recognized by cyber risk teams as being as important as, if not more important than, incident detection and response.
Incident prevention, through assuring effective network segmentation, not only limits the threat’s ability to move laterally but also gives threat hunters more time and better forensics to track and respond to the threat before it causes significant damage to the business, its operations, and its reputation.
The numbers stack up too; put simply, an ounce of incident prevention is worth a pound of incident response. Combined, they are invaluable.
By utilizing both proactive vulnerability management and reactive threat management measures, informed by industry-specific attack guidance, and current and historic attack surface posture analysis, organizations can improve their incident detection and management capabilities and speed up the discovery and shut-down of cyberattacks.
About the author: Phil has a proven track record in strategic risk management, starting with Deloitte, then with market-leading telecoms, law enforcement, and cybersecurity firms, before leading Titania’s global expansion as a specialist in accurate, automated network configuration assessments.
He is passionate about enabling organizations to deliver network security from compliance automation by helping them prioritize the remediation of the most critical risks to their business first.
Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.