Back in the good old days, cybersecurity used to be simple. Fine, never ‘simple’, but certainly less overwhelming than it is today. Networks and environments had vulnerabilities, for sure, but they tended to be known about (or at least known unknowns), and it was possible to patch most of them up.
These days, new security vulnerabilities are being discovered every day. In November alone, over 1000 new security vulnerabilities were published, meaning that just last month there were over 1000 new ways for malicious actors to access and cripple an environment.
And this is just the vulnerabilities we know about!
Every day this number gets bigger. PandaLabs reckons that 230,000 new malware samples are produced every single day…and it only takes one to bring a business to its knees. IBM estimates the average cost to a business of a successful cyberattack is $1.42 million, which shows just how seriously organizations need to take their online security.
Ok, so that was a fairly bleak start. And there are threats aplenty when it comes to cybersecurity. But it is not all bad news by any means. There are plenty of things that businesses can do to reduce their attack surface, and cut down on their vulnerabilities. Part of the problem most businesses face is the time it takes to identify the vulnerabilities they are facing. Once you know where you are weakest, you can protect yourself, but the gap between vulnerabilities emerging and organizations discovering them is often far too long.
Cutting down the time between new vulnerabilities coming to light and them being discovered and dealt with is key. Reducing this ‘attack surface’ allows businesses to identify and solve threats before they become a problem.
Even in the largest organizations, vulnerability scans can take far too long, even on a weekly cycle. Staggering scan schedules can lead to scans of the entire organization taking way too long, with huge gaps between scans on individual IP addresses. For example, scanning around 2000 individual IP addresses with two external vulnerability scanners might take around 50 hours of scan time in total. A weekly 12-hour scan schedule would therefore take over a month to complete, leaving a gap of over four weeks between scans for each IP. If a new vulnerability appears during this time, it won’t be identified and addressed for a month, which represents an enormous security risk.
So you can see how easy it is, even with a seemingly regular scan schedule, to leave huge vulnerabilities in your network. And with over 1000 new threats appearing every month, that’s a big gamble to take.
So scanning far more regularly seems to be the way forward. In the example above, ensuring that the entire organization is scanned on a weekly basis, rather than just scheduling a scan once a week, would shrink the attack surface from four weeks to around five days, greatly reducing the risk and vulnerability. It’s a simple tweak, but one that has huge benefits.
Organizations need to do their homework and work out how long it actually takes to scan the entire business, not just trusting to a schedule. Analyzing your assets and IPs lets you work out how large your attack surface actually is and what you can do to tighten it up.
There are a few other ways that businesses can reduce their attack surface and prevent attacks from happening before they become a problem.
Eliminate Complexity – networks get more and more complicated over time, with bad habits and poor policy management creeping in even to the best-managed environments. Duplicate or redundant rules, overly permissive definitions, and overly complex infrastructures that encourage human error all can lead to larger vulnerabilities. Check your network regularly, and try and keep it as simple as possible.
Control Your Endpoints – monitor your endpoints constantly, and set up alerts for when endpoint behavior looks fishy or just different from the norm. Control what your endpoints can actually do as well so, in the event of a breach, destructive spread can be prevented.
Segmentation – you’ll likely have a cybersecurity perimeter around the entire organization, but drawing boundaries around individual networks and segmenting your environment adds roadblocks in the event that bad actors breach your first line of defense.
To learn more about how you can reduce your attack surface and tighten up your cybersecurity get in touch with our experts. At CompuVision we are always looking for new ways to protect our clients, now and in the future.