Securing corporate data in a hybrid world
John Tipton, senior security consultant at Adarma, explores the importance of visibility in securing the entire attack surface in this Teiss article
According to recent data from the Chartered Institute of Management (CMI), 84 percent of UK firms have adopted hybrid working today.
This mass adoption of remote working reinforces the ways in which technology is changing businesses: it allows employees to perform their jobs from all over the world, offered business continuity during the pandemic, and cuts costs for organisations that no longer need expansive physical locations to operate.
However, a downside to this increased dependence on digital technology is the dissolution of the once trusty perimeter that organisations relied on to surround their digital assets. The terrain that remains has also become significantly more complex to secure.
Today, businesses have employees connecting to their networks from a multitude of devices and locations, opening new and exploitable doors to attackers. Moreover, corporate data is now held in cloud applications to facilitate remote workforce access, and if security is not implemented properly, that data is potentially accessible to anyone on the web.
So, how can organisations secure their enlarged attack surface? How can they not only manage and secure every device connected to their network, but also ensure their cloud environments are secured and configured properly, so that they neither expose data publicly nor leave it vulnerable to malicious exploitation?
You can’t secure what you can’t see
As enterprise networks become increasingly connected, visibility of all devices and applications accessing and hosting corporate data is essential.
It doesn’t matter if you work in a small network that is completely air gapped, or if your digital network spans the landscape of Europe: businesses must know exactly what is on their network at all times. After all, you can’t protect or secure what you can’t see.
It is the unmonitored devices that attackers are always on the hunt for. They understand that when networks are not segmented properly, one unmonitored access point provides the entry point from which they can move laterally until they reach the enterprise crown jewels: normally, its data.
Organisations must view every single device connected to the enterprise’s network as a potentially exploitable entry door which attackers could hijack. This means cyber security must encompass everything, from employee-owned devices and corporate devices to cloud applications and hybrid cloud environments.
To secure today’s hybrid enterprise network, organisations need to practise continuous discovery, inventory, classification, and risk prioritisation of all devices. They need to have a clear understanding of what the devices are doing and what they can access as well as have an understanding of their security controls to ensure they are not putting data at risk.
When it comes to cloud applications, organisations must understand what data they are holding and verify exactly how secure they are. Are they configured correctly, are any APIs accidentally leaking data, or can they be accessed by someone on the internet who shouldn’t be in them? These are all the questions that need to be asked and assessed.
Once an organisation gains visibility of its attack surface, it then needs to understand which attack vectors criminals could exploit to reach its data.
Attack vectors are the methods leveraged by adversaries to gain unauthorised access to systems and data. Such methods are extremely varied but could include system misconfigurations, exploitable vulnerabilities, user privileges, or risky user behaviours.
Once these vectors have been identified, organisations should then carry out attack path management to understand how they can be used to compromise critical assets. Often, multiple attack paths will share a single attack vector along the path, which is known as a choke point. Identifying and eliminating such choke points will significantly increase the value of remediation efforts performed by the organisation’s limited security resources.
When carrying out attack path management, organisations must map out the routes that would create the biggest amount of damage and work to mitigate those first. Not all data in an organisation is equal, so businesses should work to protect their most sensitive assets first.
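The choke-point idea above (a single attack vector shared by many attack paths) can be made concrete with a small graph computation. The following is an added example written for this article, not code from Adarma or the author: it models assets as nodes and attack vectors as labelled edges, enumerates every simple path from an entry point to a critical asset, scores each vector by the criticality of the paths it sits on, and shows how many paths a single remediation removes. The asset names, vector labels and criticality weights are constructed placeholders, not real infrastructure.

```python
"""Attack path enumeration and choke-point ranking over a constructed asset graph."""
from collections import Counter

# Constructed inventory: asset -> list of (reachable asset, attack vector enabling that hop).
# Every name here is an illustrative placeholder.
ATTACK_GRAPH = {
    "byod-laptop":   [("vpn-gateway", "weak-mfa")],
    "contractor-vm": [("vpn-gateway", "weak-mfa")],
    "vpn-gateway":   [("file-server", "smb-unpatched"),
                      ("jump-host", "reused-admin-password")],
    "jump-host":     [("hr-database", "reused-admin-password"),
                      ("file-server", "smb-unpatched")],
    "file-server":   [("hr-database", "excess-service-account-privilege")],
    "hr-database":   [],
    "public-bucket": [("customer-data", "public-read-acl")],
    "customer-data": [],
}

# Where an attacker can plausibly start (non-corporate devices, internet-facing storage).
ENTRY_POINTS = ["byod-laptop", "contractor-vm", "public-bucket"]

# Crown jewels with a relative criticality weight; not all data is equal (constructed values).
CRITICALITY = {"hr-database": 10, "customer-data": 8, "file-server": 3}


def enumerate_attack_paths(graph, entry_points, criticality):
    """Return every simple path from an entry point to a critical asset as (target, [vectors])."""
    paths = []

    def dfs(node, visited, vectors):
        # Record a path each time we stand on a critical asset (excluding the entry node itself).
        if node in criticality and vectors:
            paths.append((node, list(vectors)))
        for nxt, vector in graph.get(node, []):
            if nxt in visited:          # keep paths simple: no revisiting
                continue
            visited.add(nxt)
            vectors.append(vector)
            dfs(nxt, visited, vectors)
            vectors.pop()
            visited.discard(nxt)

    for entry in entry_points:
        dfs(entry, {entry}, [])
    return paths


def rank_choke_points(paths, criticality):
    """Score each vector by the criticality of every path it appears on, counted once per path.

    The highest-scoring vector is the choke point whose remediation buys the most risk reduction.
    """
    scores = Counter()
    for target, vectors in paths:
        for vector in set(vectors):      # a vector used twice on one path still counts once
            scores[vector] += criticality[target]
    return scores.most_common()


def paths_after_remediation(graph, entry_points, criticality, fixed_vector):
    """Re-enumerate paths with every edge enabled by fixed_vector removed from the graph."""
    pruned = {node: [(nxt, v) for nxt, v in edges if v != fixed_vector]
              for node, edges in graph.items()}
    return enumerate_attack_paths(pruned, entry_points, criticality)


if __name__ == "__main__":
    paths = enumerate_attack_paths(ATTACK_GRAPH, ENTRY_POINTS, CRITICALITY)
    print(f"{len(paths)} attack paths reach critical assets")
    ranking = rank_choke_points(paths, CRITICALITY)
    for vector, score in ranking:
        print(f"  {vector:35s} weighted score {score}")
    top_vector = ranking[0][0]
    remaining = paths_after_remediation(ATTACK_GRAPH, ENTRY_POINTS, CRITICALITY, top_vector)
    print(f"fixing '{top_vector}' leaves {len(remaining)} path(s)")
```

In the constructed graph, ten of the eleven paths pass through the VPN gateway's weak MFA, so that single control outscores the unpatched file server and the reused admin password even though those sit closer to the crown jewels; weighting by criticality rather than raw path count is what keeps a low-value asset reachable by many paths from crowding out a high-value one reachable by few.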
The digital landscape of businesses is constantly growing and if security is not managed in tandem with this digital expansion, organisations will often leave exploitable holes in their networks.
As a result, organisations must prioritise visibility across their networks, ensuring they can see all devices and cloud applications which are accessing and storing sensitive data. They must work to secure these by reducing the privileges of non-corporate devices, while also mapping out potential routes that attackers could exploit to access their data.
This will allow them to reap the benefits hybrid working and digitalisation have to offer, without raising the security stakes, all while staying one step ahead of threat actors.