In today’s cyber threat landscape, it’s better to be proactive than reactive. Malicious actors are spending less and less time hiding in infiltrated systems looking for weak points to exploit, sometimes only needing a few hours in systems before finding the holes in the defenses. With the median “dwell time” of threat actors reduced to 21 days, IT security teams must have robust passive threat detection tools.
It is understandable that security teams try to cover all the bases when mapping possible attack threats. But the reality is that for most organizations, after considering the sheer amount of hardware and software used on the network, it is impossible to identify and close all the gaps.
It’s at this point that many security teams spend too much time and too many resources trying to anticipate every type of attack. Just as a chess grandmaster knows that not every piece on the board can be saved, cybersecurity managers can improve defenses by focusing on the most important pieces.
Active Directory is often the target of attackers once they have infiltrated the network through an Internet vulnerability or because someone in the organization has been compromised by phishing. Having control over the Active Directory is like taking control of the “keys to the realm” of the company. If the Active Directory is taken offline, a very possible scenario – and one that has happened in the past – is that the IT team could be completely offline and rendered inaccessible.
To avoid this kind of situation, it is good practice to apply the principle of least privilege. By reducing the number of devices or people with administrator access, implementing continuous monitoring, introducing a tiered administrative model, and establishing Active Directory domain controllers as that server core could reduce risk.
Legacy technology can also be a primary source of vulnerability for many organizations. Internal systems that may not be connected to the Internet can often remain idle and out of sight of threat assessments. Unless internal scans are performed to identify these systems and any potential security risks, malicious actors can exploit misconfigurations to break through walls. Legacy systems that are unable to support updates and integrate with new operating systems also remain vulnerable to attacks.
Active defense strategies
There are many tools IT security teams can invest in to perform comprehensive vulnerability checks. However, it is important that all scans check internal systems as well as those facing the outside and connected to the Internet. Much time is often spent trying to keep attackers out, while much less thought is given to what is at risk once an attacker has breached walls and gained access to systems. Eliminating any internal misconfiguration will go a long way in protecting organizations by preventing criminals from spreading through their systems.
Before any purchase or integration of new tools or external hardware or software, it is essential to carry out due diligence at the procurement stage, so that the security teams can assess the risks of the service providers. It is also important that any potential vendor conduct active enterprise security risk assessments to demonstrate that their understanding of that enterprise’s unique threat environment is fully understood.
Malicious actors targeting misconfigured tools are the Achilles heel of cybersecurity teams. Implementing continuous monitoring of controls to verify that systems are configured correctly is essential, especially when organizations may have implemented multiple security and IT tools to protect various aspects of the business. By regularly playing scenarios to identify risks, IT teams are more likely to detect system flaws before they are exploited.
When it comes to critical infrastructure such as IT systems, there is an understandable reluctance to change things while they are running. In many cases, changes are not implemented until a threat has been identified, neutralized, or the damage has already been done.
Staying at the forefront of securing systems against cyber threats isn’t always easy, but it pays off in the long run to invest the time and resources to gain a full understanding of your network’s risks, perform a continuous monitoring and ensuring that the foundations of the system are solid, to avoid leaving the door ajar for hackers.
Steve Forbes is a government cybersecurity expert at Nominet