In the rush to adopt, deploy, and manage new technologies, many organizations are failing to maintain basic security practices. Recent research from FortiGuard Labs’ Global Threat Landscape Report reveals that poor cybersecurity hygiene, including the failure to patch or replace vulnerable systems, has enabled sophisticated worm-like attacks to take advantage of known exploits at unprecedented speeds and scale.
The Problem of Poor Security Hygiene
Because many organizations are so slow to patch or replace devices and systems with known vulnerabilities, cybercriminals are spending less time developing ways to break in, and are instead focused on developing automated and intent-based tools. These increasingly intelligent malware variants are difficult to detect and remove, and are designed to deliver more sophisticated payloads such as ransomworms.
High profile ransomworms like WannaCry and NotPetya, and sophisticated IoT botnets like Mirai and Hajime were not only remarkable for how fast they spread, but also for their ability to infiltrate a wide range of infrastructures and industries. Sophisticated, multi-vector intelligence has enabled today’s malware tools to quickly identify a device or operating system, determine what vulnerabilities exist for that attack vector, and then select the appropriate exploit from an advanced toolkit of options to effectively blend into the background.
The truth is that many of these attacks could have been largely prevented if more organizations simply practiced good security hygiene. Because so many organizations are failing to patch or replace vulnerable systems, cybercriminals are seeing a lot of success by leveraging these hot exploits to target and breach devices rather than developing elaborate zero day attacks.
But it’s not just the high-profile attacks and recent vulnerabilities that are the problem. According to the report, 90 percent of organizations recorded exploits that targeted existing vulnerabilities that were three or more years old. And 60 percent of firms experienced successful attacks targeting devices for which a patch had been available for ten or more years!
To complicate matters further, once a particular threat has been automated and aggregated with other exploits, attackers are no longer limited to targeting specific industries or geographical regions. Because networks are hyper connected at a global level, the impact of advanced attacks combined with the ability to exploit a wide range of common vulnerabilities will continue to increase risk.
The Rise of Risky Applications
We are also seeing challenges arise from the increasingly hyperconnected nature of networks and devices and the use of risky applications. Firms that allow P2P applications, for example, report seven times more botnets and malware as those that don’t. And those allowing proxy applications report almost nine times as many botnets and malware.
The Growing Challenge of Visibility
Enterprise networks are absorbing billions of new IoT and end user devices and expanding their network strategy to include virtualized and cloud ecosystems. They are also delivering and supporting a growing number of internal and consumer based applications. And many data centers simply cannot keep pace with the exponential growth in data traffic. This rapid growth has actually reduced network visibility, making it difficult to track and manage physical and virtual devices and their related workloads.
Additionally, 57 percent of all traffic traversing the network is now encrypted, up from 51 percent in Q1. So, because of the overhead required to break open and inspect SSL traffic, IT teams are now only able to inspect a fraction of their networked traffic to look for malware.
What Can You Do?
IT security teams are faced with addressing complex infrastructures amidst a widening cybersecurity skills gap. The challenge is how to do more with less. Here are ten tips every IT team needs to consider for their security strategy today:
1. Inventory your network. Organizations need to invest in tools that can see and track the devices on your network, along with their operating systems and privileges.
2. Establish a routine patch and replace strategy. This is security 101, which is why it is such a surprise that this is the root cause of so many security breaches today.
3. Segment your network. IoT devices, risky applications, and other high-risk traffic need to be effectively isolated from the rest of your network. Segmentation also allows you to immediately detect and respond to threats moving laterally across your network.
4. Manage your workflows and applications. Track which applications and workflows touch which devices on your network. Places where workflows overlap need extra attention and security. In virtualized environments, as new workloads require compute and network resources to be spun up, it is essential that security policies can be initiated simultaneously, and that these security policies can span across multiple hypervisors and security instances deployed across the network.
5. Harden your endpoints. Endpoint security needs to be woven into and inform your larger network security strategy.
6. Extend your security strategy into the cloud. Most organizations lose visibility into workflows and security policies as traffic moves into and across the cloud. If you can’t see it you can’t control it.
7. Secure the new perimeter. Perimeter security needs to expand and grow as the network border evolves. Edges can be anywhere – at the cloud or web, between users or departments, at the data center and core, or at endpoints. They not only need to be protected, but these different security tools need to be able to see and talk to each other.
8. Establish an intentional engineering practice. Reliance on security appliances is no longer enough. It is essential that the IT team, led by the CSO/CISO, look at business requirements, workflows, traffic systems, and devices and engineer as much risk out of the network as possible BEFORE deploying security devices.
9. Automate your security. Isolated security devices require separate management tools and the manual correlation of threat data to detect threats. Which is why it takes an average of six months to detect sophisticated attacks. Security tools need to be woven together into a holistic, integrated system using common management tools and open standards.
10. Leverage and share threat intelligence. Security is only as good as its ability to detect threats. Make sure that you are participating in, or at least subscribing to, threat feeds that can raise the bar for your integrated security framework to see and respond to the latest threat intelligence.