Enterprise security professionals may be surprised by where they find themselves susceptible to attack. Thankfully, the weak links below don't have to leave your enterprise open to breaches or other security vulnerabilities. If you have the right tools for detecting those susceptibilities and threats, you can fix those weak links before they threaten your company and its customer data.
When assessing weaknesses in your organization’s cybersecurity defenses, always include people as one of the soft spots. Cyber-attackers prey on humans’ psychological flaws, targeting them as a weak link in the cybersecurity chain. But there are other emerging weaknesses that you also need to consider.
Here are the four key areas where you should be focusing to identify weak links, the security solutions that are a must-add to your enterprises' arsenal, and how to implement those tools successfully.
1. Humans remain a weak link
While cybersecurity awareness has improved generally, people remain a soft spot that attackers continue to exploit. With most US information workers continuing to work from home during the pandemic, you should update your security awareness training to include more on threats facing remote workers. All it takes is a single click by an exhausted or distracted user to be duped by an email, that looks perfectly legitimate but is really a spearphishing scam.
The last few months have seen a surge in phishing attacks with COVID-19-themed lures, including one selling a phony vaccine created from the blood of recovered coronavirus patients. Telework also introduces opportunities for remote workers to become non-malicious, unintentional insider threats. For example, confidential discussions that previously would have been confined to the office could be the target of hacked IoT devices, such as Alexa or Siri smart speakers, which could be digitally weaponized into monitoring devices.
Everyone should try to instill a cybersecurity culture to mitigate the human weak link, but other areas of weakness that may surprise you, such as the risks associated with APIs, containers, and supply chain attacks on open-source software.
2. API risks remain
Application programming interfaces (APIs) define a backdoor into adjacent systems and apps for those who are intent on gaining access. Detailed documentation about APIs is usually available to provide transparency to developers and help them understand how they work. But this documentation also provides the blueprint for hackers to use APIs in their attacks. Analysis of Fortify on Demand (FoD) vulnerability data shows that API abuse issues have roughly doubled over the past four years.
APIs expose application logic and data, therefore providing access to multiple sources of potentially sensitive data and mission-critical services. In turn, they widen the application layer’s attack surface. Fortify research found that 35% of the analyzed web applications had API abuse problems, and the incidence increased to 52% for mobile applications.
You can use API collaboration tools such as Swaggerhub to provide input into dynamic application security testing tools for a vulnerability analysis of APIs. API scanning tools can identify weaknesses and vulnerabilities, giving you the visibility needed to then take remediation actions.
Organizations are also starting to layer in API gateways that provide a layer of governance that can manage, secure, and measure the APIs in use.
3. Container security concerns
Containers help organizations modernize faster by making it easier to deploy applications, and they have played a significant role in the DevOps evolution. By combinging them with platforms such as Kubernetes, development teams can deliver code commits faster and achieve business objectives faster.
While there is growing emphasis on shifting left and extending right with the use of containers and Kubernetes, organizations remain concerned about their runtime environments. Indeed, StackRox has reported a rise over the last couple of years, from 43% last year to 56% this year, on concerns over misconfigurations and vulnerabilities being key contributors to runtime security risks.
According to StackRox, 94% of those surveyed said they experienced a security incident in their container and Kubernetes environments in the last 12 months. And organizations are also experiencing issues during runtime, with more than one out of four (27%) experiencing a security incident in their runtime environment, while another 24% had a major vulnerability to remediate.
Runtime risks associated with container and Kubernetes deployments require the involvement of developers, operations, and security teams to mitigate. Shifting left requires organizations to build security into applications during the build stage of the development cycle and assess containers for potential issues that could lead to exploitation. Your teams can alleviate risks by scanning containers for vulnerabilities prior to their use in production runtime environments.
4. Supply chain attacks on open source
Supply chain integrity remains a major concern as open-source component use continues to rise, with one in eight open-source downloads containing a known vulnerability. Last year, research by Micro Focus and Sonatype determined that open-source software continued to account for the most reported vulnerabilities. The number of days between disclosure of a vulnerability in an open-source component and exploitation of that vulnerability shrank to three days in 2017 from 45 days in 2006.
In addition, one in eight open-source downloads contains a known vulnerability. Recent supply chain attacks have focused on the open-source ecosystem, with attackers hoping to pollute the open-source software supply chain. At least six incidents in 2018 targeted open-source libraries with backdoor code, the report found.
Everyone needs to work together to tackle the issues of supply chain integrity and mitigate the risk of pre-compromised products infiltrating businesses and government agencies, research firm MITRE concluded in a 2018 report. MITRE recommends 15 courses of action (COAs) that government, and private industry should take to secure their systems against supply chain attacks.
While MITRE’s COA’s are primarily directed at the US Department of Defense (DoD), the objective of having secure, high-integrity software from concept to retirement is valid in the private sector as well. To achieve this objective, MITRE recommends using industry best practices, including the use of static and dynamic application testing, as a means of establishing software security goals and measuring progress toward them.
Find your organization's weakest links
Your organization’s cybersecurity defenses are only as strong as your weakest link. Granted, humans are certainly a fragile link, but focus also on these other weak links as well to ensure that you don’t get blindsided.
Keep learning
Learn from your SecOps peers with TechBeacon's State of SecOps 2021 Guide. Plus: Download the CyberRes 2021 State of Security Operations.
Get a handle on SecOps tooling with TechBeacon's Guide, which includes the GigaOm Radar for SIEM.
The future is security as code. Find out how DevSecOps gets you there with TechBeacon's Guide. Plus: See the SANS DevSecOps survey report for key insights for practitioners.
Get up to speed on cyber resilience with TechBeacon's Guide. Plus: Take the Cyber Resilience Assessment.
Put it all into action with TechBeacon's Guide to a Modern Security Operations Center.
