In this episode of our popular podcast series CISO Talks, we met up with Reuven Aronashvili, the founder and CEO of CYE – experts in organizational cyber-security and risk assessments. Before that, Reuven worked as one of the co-founders of the Israel Defense Forces “Red Team” unit, helping to spot and address cybersecurity vulnerabilities presented by attackers.
Reuven has seen a lot in his career, and many of the cybersecurity vulnerabilities he encounters at his customers fall into a handful of recurring categories.
Below is a list of the most common cybersecurity vulnerabilities that Reuven believes organizations need to look at addressing.
- Poor Password Quality
- Lack of Breach Detection Capabilities
- Lack of Network Segmentation
- Lack of Proactive Access Governance
- Basic Hygiene Still Lacking
Poor Password Quality
Even in the most advanced organizations with the strictest password policies, it’s still common to see legacy passwords, service accounts, or things that simply slipped through the cracks of that policy. These legacy passwords are easy to target with “spray” attacks, where a few common passwords are tried against many accounts in an attempt to break through. In a lot of cases, this is the foot in the door for a lot of attackers.
Many people assume that this kind of spray attack will trigger account lockouts, but attackers are smart enough to deploy this “spray” tactic across multiple accounts at the same time using the basic username and password information. This way, “you’re going to get success about 60% of the time” without committing to too many attempts on the same account.
Organizations should make sure that, when password policies are introduced, legacy passwords, service accounts, and other potential vulnerabilities are addressed at the time. Even better, going through and removing any stale user accounts or groups will drastically reduce the potential attack surface.
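The detection gap described above is that per-account lockout counters never fire when one source tries a single password against many accounts. The following is an added example, not code from the podcast or from CYE, of the check a defender would run instead: count distinct failed accounts per source inside a time window and flag sources that stay under the per-account lockout threshold while hitting many accounts, then list any successful logon from such a source. The log format, the IP addresses and the account names are constructed for this example.

```python
"""Password-spray detection over authentication log lines (added example).

A spray shows up as ONE source failing against MANY distinct accounts while
making few attempts per account. Per-account lockout logic misses it; grouping
failures by source and counting distinct accounts catches it.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <RESULT> user=<name> src=<ip>".
# 203.0.113.7 sprays six accounts once each, then logs in as a service account;
# 198.51.100.4 is a user mistyping their own password (not a spray).
SAMPLE_LOG = """\
2024-01-10T09:00:01 FAIL user=alice src=203.0.113.7
2024-01-10T09:00:03 FAIL user=bob src=203.0.113.7
2024-01-10T09:00:05 FAIL user=carol src=203.0.113.7
2024-01-10T09:00:07 FAIL user=dave src=203.0.113.7
2024-01-10T09:00:09 FAIL user=erin src=203.0.113.7
2024-01-10T09:00:11 FAIL user=frank src=203.0.113.7
2024-01-10T09:00:13 SUCCESS user=svc-backup src=203.0.113.7
2024-01-10T09:01:00 FAIL user=alice src=198.51.100.4
2024-01-10T09:01:10 FAIL user=alice src=198.51.100.4
2024-01-10T09:01:20 FAIL user=alice src=198.51.100.4
2024-01-10T09:01:30 FAIL user=alice src=198.51.100.4
2024-01-10T09:02:00 SUCCESS user=alice src=198.51.100.4
2024-01-10T09:05:00 FAIL user=bob src=192.0.2.9
"""


def parse_line(line: str) -> dict:
    """Parse one constructed log line into a dict with ts/result/user/src."""
    ts, result, user_field, src_field = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "result": result,
        "user": user_field.split("=", 1)[1],
        "src": src_field.split("=", 1)[1],
    }


def _events(log_text: str) -> list:
    return sorted(
        (parse_line(l) for l in log_text.splitlines() if l.strip()),
        key=lambda e: e["ts"],
    )


def detect_spray(log_text: str, window: timedelta = timedelta(minutes=10),
                 min_accounts: int = 5, max_per_account: int = 3) -> dict:
    """Return {src: sorted targeted accounts} for each source that, within any
    `window`, failed against >= min_accounts distinct accounts while making
    <= max_per_account attempts against each (i.e. staying under lockout)."""
    fails_by_src = defaultdict(list)
    for e in _events(log_text):
        if e["result"] == "FAIL":
            fails_by_src[e["src"]].append(e)

    findings = {}
    for src, fails in fails_by_src.items():
        targeted = set()
        start = 0
        for end in range(len(fails)):            # sliding window over failures
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            counts = defaultdict(int)
            for e in fails[start:end + 1]:
                counts[e["user"]] += 1
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                targeted |= set(counts)           # union across qualifying windows
        if targeted:
            findings[src] = sorted(targeted)
    return findings


def successes_after_spray(log_text: str, **kw) -> list:
    """Accounts that logged in successfully from a spraying source after its
    first failed attempt: the 'foot in the door' worth investigating first."""
    sprays = detect_spray(log_text, **kw)
    events = _events(log_text)
    first_fail = {}
    for e in events:
        if e["result"] == "FAIL" and e["src"] in sprays:
            first_fail.setdefault(e["src"], e["ts"])
    return sorted({
        e["user"] for e in events
        if e["result"] == "SUCCESS" and e["src"] in sprays
        and e["ts"] >= first_fail[e["src"]]
    })


if __name__ == "__main__":
    print("spray sources:", detect_spray(SAMPLE_LOG))
    print("successes after spray:", successes_after_spray(SAMPLE_LOG))
```

The thresholds (`min_accounts`, `max_per_account`, `window`) are the knobs to tune against your own lockout policy: set `max_per_account` to one below the lockout threshold so the rule catches exactly the traffic that lockouts are designed not to see.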
Lack of Breach Detection Capabilities
This point is more operational than anything. We see a lot of organizations really struggle to identify vulnerabilities or active breach threats in their infrastructure. Native detection and response systems are simply not advanced enough to adequately detect and respond to threats. A lot of solutions are very good at detecting threats that are already known, but attackers are always one step ahead.
A lot of data breach detection and response solutions on the market are very good, but it takes a full team to be able to properly detect and respond to a data breach in the right way. The time gap between the attacker gaining access and the team being able to recognize an attack is underway is still too long.
Lack of Network Segmentation
The current state of most organizations’ networks means that attackers are able to move easily between different parts of the organization, from the user environment to the server environment, to the cloud environment, and so on. This kind of lack of network segmentation means that we are still far away from where we should be in terms of how our networks are organized.
Lack of Proactive Access Governance
A lot of organizations are still not treating their most privileged accounts with the care that they need to. For an attacker, the domain admin account in Microsoft environments is gold. It provides access to pretty much everything that they will need to carry out a devastating attack. Protecting those accounts by implementing a principle of least privilege should be an absolute priority for IT teams. Teams also need to be able to spot changes to permissions that result in over-privileged users, as these accounts now present more risk.
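Two of the points above, spotting permission changes that create over-privileged users and removing stale accounts, come down to comparing directory snapshots over time. The following is an added example, not code from the podcast or from CYE, that diffs a baseline and a current snapshot of privileged group membership and flags privileged members with no recent logon. The group names are the standard Active Directory ones; the member names, dates and snapshot format are constructed for this example, and a real run would load them from a directory export.

```python
"""Privileged-group drift and stale-privileged-account checks (added example)."""
from datetime import date, timedelta

# Constructed snapshots: {group: set(members)}. Taken from a directory export
# in practice; here the "current" snapshot shows two new Domain Admins and a
# new Schema Admins member relative to the baseline.
BASELINE = {
    "Domain Admins": {"admin.jane", "admin.raj"},
    "Enterprise Admins": {"admin.jane"},
}
CURRENT = {
    "Domain Admins": {"admin.jane", "admin.raj", "svc-backup", "helpdesk.tom"},
    "Enterprise Admins": {"admin.jane"},
    "Schema Admins": {"admin.raj"},
}

# Constructed last-logon dates per account (None = never logged on).
LAST_LOGON = {
    "admin.jane": date(2024, 1, 9),
    "admin.raj": date(2024, 1, 8),
    "svc-backup": date(2023, 6, 1),
    "helpdesk.tom": date(2024, 1, 9),
}


def membership_drift(baseline: dict, current: dict) -> dict:
    """Return {group: {"added": [...], "removed": [...]}} for every privileged
    group whose membership differs between the two snapshots. Newly created
    groups or members appear as 'added'; groups that disappeared as 'removed'."""
    drift = {}
    for group in sorted(set(baseline) | set(current)):
        before = baseline.get(group, set())
        after = current.get(group, set())
        added, removed = sorted(after - before), sorted(before - after)
        if added or removed:
            drift[group] = {"added": added, "removed": removed}
    return drift


def stale_privileged(current: dict, last_logon: dict, today: date,
                     max_idle_days: int = 90) -> list:
    """Members of any privileged group whose last logon is older than
    max_idle_days, or unknown: candidates for removal, since an idle
    privileged account is pure attack surface."""
    cutoff = today - timedelta(days=max_idle_days)
    stale = set()
    for members in current.values():
        for member in members:
            seen = last_logon.get(member)
            if seen is None or seen < cutoff:
                stale.add(member)
    return sorted(stale)


def review(baseline: dict, current: dict, last_logon: dict, today: date) -> dict:
    """Combine both checks into one report a team can review each run."""
    return {
        "drift": membership_drift(baseline, current),
        "stale": stale_privileged(current, last_logon, today),
    }


if __name__ == "__main__":
    for section, result in review(BASELINE, CURRENT, LAST_LOGON, date(2024, 1, 10)).items():
        print(section, result)
```

Run on a schedule with the previous run's snapshot as the baseline, every entry under `added` is a permission change somebody should be able to justify, and every entry under `stale` is a privileged account that is doing nothing except waiting to be sprayed.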
Basic Hygiene Still Lacking
You’ve probably heard it a thousand times before, but companies are still struggling to introduce good hygiene into their practices and processes. Patch management, updates, firewalls, VPN use, backups, and inventory are just a few of the things that should be on the checklist. Technology to help streamline cybersecurity hygiene is already out there but is not being utilized in the way that we would like to see. Attackers certainly love seeing networks that haven’t been patched against known threats.
If you haven’t got the basic cybersecurity vulnerabilities covered, how can you expect to be able to adequately prevent, detect and respond to data breaches and cyberattacks? If you’d like help identifying your cybersecurity vulnerabilities, give us a call or schedule your free risk assessment today.