Advanced persistent threats now come from all vectors, are your bases covered?

Published August 29, 2019

According to the World Economic Forum (WEF), cyberattacks and threats are now among the top global risks alongside natural disasters and climate change. The ways hackers can attack infrastructures have also multiplied as business processes become more digitized. Hackers now have access to a wide variety of implements, including remote access tools, massive botnets, and data dumps of stolen access credentials, that allow them to gain entry to systems and mount an advanced persistent threat against an organization.

As such, any organization doing business in today’s environment must put cybersecurity at the top of its agenda. Organizations now have to cover and protect a multitude of potential attack vectors. Given this diversity of vectors, companies often employ a host of security solutions to keep all bases covered. Antivirus software, firewalls, and email and browsing plugins have all become staples of any network.

Fortunately, cybersecurity solution providers are working hard to keep pace with the methods used by hackers. Security firm Incapsula, for instance, has been seeing record-breaking intensities of distributed denial-of-service (DDoS) attacks, but its solution has been able to capably protect its users from such threats. Breach and attack simulation (BAS) solutions like Cymulate are also emerging to provide IT teams with the means to test and check whether their adopted solutions are actually working.

But aside from adopting solutions and tools, organizations must remain vigilant to ensure that their measures comprehensively protect their infrastructures from today’s threats.

Protecting against threats

Among the key challenges for organizations is configuring their security measures. It is now common for company infrastructures and networks to include various solutions, and these have to be integrated into a cohesive defense:

Antivirus and antimalware. Perhaps the most fundamental of security solutions, antivirus and antimalware software provide the means for users to scan for and remove threats. Even free solutions such as Windows Defender now provide real-time protection, checking for malicious files and processes and instantly preventing them from executing.

Email and safe browsing protection. Hackers continue to use social engineering attacks like phishing emails and spoofed sites to try to trick end users into giving up access credentials or downloading and running malware. To prevent this, companies can employ email protection solutions that screen out phishing emails or, at the least, warn users about the content of such emails. This way, users can take caution before opening attachments and clicking links. Browser plugins can also be used to warn users against potentially malicious links and sites.

Firewalls and access management. Companies have increasingly been providing more digital channels through which their employees and customers can conduct business. Unfortunately, these web applications have also become prime targets for attackers. To protect them, organizations typically use firewalls to screen out malicious traffic and prevent scripting and injection attacks. Login pages now also commonly feature multifactor authentication to prevent stolen credentials from being used by attackers to gain entry to systems.

IT management. Part of what makes attacks possible is the vulnerabilities found in operating systems and applications. While developers do release updates and patches, it is up to the IT team to ensure that these are properly deployed to all affected systems. But considering that organizations can now have hundreds or even thousands of endpoints and devices, patching and software deployment can be a challenge. IT management platforms can help identify affected devices and deploy patches and updates to those computers conveniently.

Testing your defenses

Solutions may be plentiful, and organizations haven’t been shy about adopting them. But how can they know whether these tools actually work?

Conventionally, security testing is done through penetration tests, in which IT teams or white hat hackers are tasked with gaining entry to systems. Tools such as Metasploit and Wireshark are used to test for exploitable vulnerabilities and even to deploy payloads to check whether security solutions work. More advanced tests involve “red teaming”, in which designated experts launch attacks against the infrastructure using the same methods that actual cybercriminals use.

Unfortunately, many IT teams lack the technical training and resources to perform such tests. A viable alternative is to use BAS platforms. These solutions give IT teams the means to test their own defenses, probing their web applications, endpoint security solutions, and antivirus software through an easy-to-use interface.

Attack simulations can be configured and launched with just a few clicks. They can even be scheduled and automated to continuously verify that security solutions are up and working. Even social engineering attack tests can be customized to see whether end users fall for highly personalized attempts. Since the attacks are simulated, they pose no real harm to the infrastructure or devices.

Plugging the gaps

Acquiring and implementing even the most popular or most expensive solutions does not guarantee that they will be able to thwart all cyberattacks. It only takes one opening for an attack to succeed. Realistically, faulty implementation or integration, and even conflicts with other systems and applications, can make even the best security solutions fallible.

So, it’s important to check the effectiveness of security measures. BAS platforms and security tests produce detailed reports that show IT teams and business leaders the real state of their defenses. Continuously testing defenses allows them to find the weak links so that they can plug the gaps and make the necessary changes to their cybersecurity measures as needed.