It comes as no surprise that the Covid-19 pandemic has resulted in an increase in security gaps. The global crisis revealed a multitude of nascent cyber-security shortcomings, including a lack of agility to support homeworking and an overreliance on on-premise security. It also created a whole host of new challenges, from scam Covid-related domains to an increase in phishing attacks.
Indeed, the pandemic has seen cyber-crime flourish. In its Annual Review 2020, the UK’s NCSC revealed that GCHQ handled more than 200 cyber incidents related to the coronavirus during the course of last year – almost a third of the total number of incidents it handled over that period. This included more than 160 instances of high-risk and critical vulnerabilities shared with NHS Trusts. Overall, vulnerabilities have exploded in number over this past year, with HackerOne’s 2021 Hacker Report finding that, as more enterprises moved to the cloud, reports of misconfiguration vulnerabilities rose by 310%.
More opportunities for hackers in new digital landscapes
From Zoom’s security gaps to the SolarWinds attack, vulnerabilities have also been a weapon of choice for hackers over the past year as they take advantage of the new digital landscape. Progress is being made in warding off these vulnerability-based attacks – for example, Kenna Security found a falling number of vulnerabilities being exploited, while HackerOne discovered that the number of white hats reporting vulnerabilities to companies increased by 63% in 2020. But organisations must still be alert to the risks of vulnerabilities and their potential for weaponisation.
The growth of vulnerabilities has meant hackers not only have a larger attack surface, but they have also become less predictable in how they select their targets. Indeed, instead of only focusing on vulnerabilities that are currently being weaponised or those that are likely to be, organisations need to be cognisant of other potential risks. The ‘pandemic’ risk for example, which sees cyber criminals taking advantage of a vulnerability that more and more organisations choose not to manage. The fewer organisations that are ‘vaccinated’, the easier the pandemic spreads.
There’s also automation risk. Increasingly, cyber criminals are using automation tools and techniques to exploit vulnerabilities, as it is not only an attractive low-cost route, but it also significantly reduces the time window in which organisations can deploy countermeasures. Being prepared is therefore essential.
Take a proactive approach
While organisations cannot predict how cyber criminals will attack, they can proactively manage their attack surface through cyber resilience.
This is a continuous process which strengthens an organisation’s ability to resist attacks and enables it to continue functioning during an incident. To achieve this state, organisations need to reduce the size and number of targets that hackers can exploit whilst also establishing and maintaining a stable base to bounce back from in the event of an attack.
Identifying and managing all vulnerabilities will help organisations achieve both these goals. The first step in this process is to create a context for IT security policies, determining which systems, assets and processes need to be protected and to what extent, guiding IT on how best to configure security solutions.
The second step is to scan for all current vulnerabilities, targeting any current infrastructure weaknesses. Keeping a vulnerability database is also a good idea, helping IT to prioritise and mitigate the vulnerabilities that need the most urgent attention. It is also important to assign responsibility and accountability when a vulnerability is detected, ensuring that there is a streamlined process in place that will remediate the issue sooner rather than later.
Once the vulnerability has been mitigated, all the key information pertaining to it – including when it was detected, how long it took to resolve and who is accountable – should be recorded for future analysis and attack prevention.
The wider picture
Vulnerability management is important, yet it is still just one of the many steps to achieving complete sustainable cyber resilience. All hidden risks within digital processes must be taken into consideration and made apparent. Companies must also implement airtight processes across an organisation, from the actions that must be taken to training and educating employees – particularly vital in the age of remote-working.
In these challenging times, where operations have been upended and cyber criminals can use the pandemic to their advantage, protecting against existing and potential weaponised vulnerabilities has never been more important.
Contributed by Dr. Jan-Oliver Wagner, CEO and co-founder, Greenbone Networks