Unit 42 is the cyber security research unit of Palo Alto Networks, and provides the latest industry intelligence to help CISOs, CIOs and other technology leaders better navigate today’s fast evolving threat landscape.
In this article we look at the top five cyber security issues on everyone’s radars as we head towards 2024, and we discuss strategies for dealing with them.
The Top 5 challenges are:
1. Supply chain attacks
DevOps and agile software development practices have helped organisations speed up development cycles allowing for more rapid release timelines. But speed often results in a reliance on third-party code in vendor applications, which could come from anyone, including an Advanced Persistent Threat (APT), allowing attackers to take advantage and launch supply chain attacks.
Given modern cloud software development practices for sharing and incorporating third-party code—and creating complex structures that depend on many other building blocks—if an attacker compromises third-party developers or their code repositories, it’s possible to infiltrate thousands of organisations.
Solution: Embed security into the software development pipeline
Extending security beyond the runtime phase (the last phase in the build, deploy, and run model of development) and integrating it into every stage of development allows for the creation of automated security guardrails.
Within these guardrails you’re better able to:
- Catch vulnerable code prior to deployment (i.e. in the pre-commit stage).
- Check builds for defects prior to pushing code to production.
- Conduct efficient vulnerability scanning in runtime environments.
Extending security across development starts with creating a shift-left security strategy that can evolve over time. A shift-left security strategy is a brief document outlining the security steps that take place before the run phase.
It should define what success looks like, and set out ownership, milestones and metrics for embedding security processes and tools into all stages of the Continuous Integration/Continuous Delivery (CI/CD) pipeline.
Once the strategy is created, you then need to determine where and how software is created in your organisation.
Begin by analysing organisation-wide information and documenting the overall flow of software in your company. Key items to identify include who is developing code (people), how it flows from development laptops to production (process), and which systems you use to enable the process (technology).
Did you know that 63% of third-party code templates used in building cloud infrastructure contained insecure configurations? And that 96% of third-party container applications deployed in cloud infrastructure contain known vulnerabilities?
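One form the pre-commit guardrail above can take is a template checker that fails the commit when an infrastructure template carries an insecure configuration of the kind the figures above describe. This is an added example, not code from the article or from Unit 42; it reads a CloudFormation template in JSON form, and the sample template embedded in it is constructed.

```python
"""Pre-commit guardrail: flag insecure settings in a CloudFormation (JSON) template.
Added example, not from the article or Unit 42; the template below is constructed."""
import json
import sys

# Constructed sample template containing two of the misconfigurations the check looks for.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "WebSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
        "Logs": {"Type": "AWS::S3::Bucket", "Properties": {}},
        "Db": {"Type": "AWS::RDS::DBInstance", "Properties": {"PubliclyAccessible": False}},
    }
})

ADMIN_PORTS = {22, 3389}  # SSH and RDP: never open to the whole internet


def check_template(text):
    """Return a list of (resource, finding) tuples; an empty list means the template passes."""
    findings = []
    for name, res in json.loads(text).get("Resources", {}).items():
        props = res.get("Properties", {})
        rtype = res.get("Type", "")
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                if rule.get("CidrIp") != "0.0.0.0/0":
                    continue
                lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
                if rule.get("IpProtocol") == "-1" or any(lo <= p <= hi for p in ADMIN_PORTS):
                    findings.append((name, f"admin/all ports {lo}-{hi} open to the internet"))
        elif rtype == "AWS::S3::Bucket":
            pab = props.get("PublicAccessBlockConfiguration", {})
            if not all(pab.get(k) for k in ("BlockPublicAcls", "BlockPublicPolicy",
                                            "IgnorePublicAcls", "RestrictPublicBuckets")):
                findings.append((name, "public access block not fully enabled"))
        elif rtype == "AWS::RDS::DBInstance" and props.get("PubliclyAccessible"):
            findings.append((name, "database instance is publicly accessible"))
    return findings


if __name__ == "__main__":
    # Hook usage: `python check_template.py template.json`; a non-zero exit blocks the commit.
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TEMPLATE
    problems = check_template(src)
    for resource, msg in problems:
        print(f"{resource}: {msg}")
    sys.exit(1 if problems else 0)
```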
2. Multifactor authentication
Looking at a selection of recent Unit 42 incident response cases, 89 per cent of organisations reported that they had fallen victim to Business Email Compromise (BEC) attacks and admitted they had failed to turn on MFA or to follow email security best practices.
Additionally, in 50 per cent of all Unit 42 incident response cases— BEC or otherwise—organisations lacked MFA on key Internet-facing systems such as corporate webmail, virtual private network (VPN) solutions, and other remote access solutions.
Solution: Implement MFA as a technical control and security policy for all users
Configured correctly, MFA is an effective way to create ‘layered’ defences, making it harder for malicious actors to access systems with merely a stolen password.
Integrate MFA for all remote access, Internet-accessible, and business email accounts to greatly shrink your attack surface. To prevent threat actors from circumventing MFA, disable legacy authentication protocols and confirm that MFA is not only deployed, but that employees are also using it correctly. And be sure to avoid using SMS as your second form of authentication.
Effective forms of MFA include One-Time Passwords (OTPs) and cryptographic token-based authentication.
Remember to implement MFA internally as well. It’s very common, for instance, after completing MFA once, that a user then bounces around the network without re-verifying MFA, even when moving to a system with a different trust level (e.g., from workstation to server).
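Confirming that MFA is actually enforced, rather than merely deployed, is a log review question. The following added example (not code from the article or Unit 42) walks constructed sign-in records and flags the three gaps this section names: logins to internet-facing services without MFA, legacy protocols that cannot carry an MFA challenge, and moves to a higher-trust system without re-verifying. The service names, protocol names and trust tiers are assumptions for the sample.

```python
"""Review sign-in records for MFA gaps: no MFA on internet-facing services, legacy
protocols, and moves to a higher-trust tier without a fresh MFA challenge.
Added example; the log lines, service names and tier map below are constructed."""
import json

INTERNET_FACING = {"webmail", "vpn", "rdp-gateway"}
LEGACY_PROTOCOLS = {"imap", "pop3", "smtp-auth", "activesync-basic"}
# Trust tier per system (assumed for the sample): moving up a tier should require MFA again.
TIER = {"workstation": 0, "fileserver": 1, "domain-controller": 2}

SAMPLE_LOG = """\
{"ts": 1, "user": "alice", "service": "vpn", "protocol": "ikev2", "mfa": true, "host": "workstation"}
{"ts": 2, "user": "bob", "service": "webmail", "protocol": "imap", "mfa": false, "host": null}
{"ts": 3, "user": "alice", "service": "internal", "protocol": "kerberos", "mfa": false, "host": "domain-controller"}
{"ts": 4, "user": "carol", "service": "rdp-gateway", "protocol": "rdp", "mfa": false, "host": "fileserver"}
"""


def review_signins(log_text):
    """Return a list of (ts, user, finding) tuples, one per policy gap observed."""
    findings = []
    last_tier = {}  # highest tier each user reached since their last MFA challenge
    for line in log_text.splitlines():
        ev = json.loads(line)
        ts, user, svc, proto = ev["ts"], ev["user"], ev["service"], ev["protocol"]
        if proto in LEGACY_PROTOCOLS:
            findings.append((ts, user, f"legacy protocol {proto} bypasses MFA; disable it"))
        if svc in INTERNET_FACING and not ev["mfa"]:
            findings.append((ts, user, f"no MFA on internet-facing service {svc}"))
        tier = TIER.get(ev["host"])
        if tier is None:
            continue  # host not in the tier map; nothing to compare against
        if ev["mfa"]:
            last_tier[user] = tier  # fresh MFA: reset the baseline for this user
        elif user in last_tier and tier > last_tier[user]:
            findings.append((ts, user, f"moved to {ev['host']} (tier {tier}) without re-verifying MFA"))
            last_tier[user] = tier
    return findings


if __name__ == "__main__":
    for ts, user, msg in review_signins(SAMPLE_LOG):
        print(f"t={ts} {user}: {msg}")
```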
3. Cloud security and Identity Access Management (IAM)
Poorly configured cloud environments leave the door wide open for malicious actors, allowing them to gain initial access without the need for especially sophisticated techniques or specific vulnerabilities.
It’s no surprise then that attackers seek them out in search of low-hanging fruit.
A recent volume of the Unit 42 Cloud Threat Report noted that IAM misconfigurations alone contributed to 65 per cent of observed cloud security incidents.
Solution: Secure your cloud environments with proper training and configuration
Access to cloud controls such as Cloud Services Provider (CSP) consoles, APIs, and command-line interfaces in the cloud should be allocated on a need-to-know basis.
Such Role-Based Access Control (RBAC) is critical for mitigating the risks of misconfiguration and other security errors. Organisations should also invest in a cloud-native security platform to routinely monitor cloud environments for IAM misconfigurations, in both production and development environments.
In addition, your organisation should deploy data loss prevention solutions, conduct regular audits of cloud data to determine what is most sensitive and where it’s located, and deploy MFA for authorised users as well as certificates and digital signatures.
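Routine monitoring for IAM misconfigurations is largely a matter of reading policy documents for grants wider than need-to-know allows. This added example (not code from the article or Unit 42) audits an AWS IAM policy document for the broad grants that undermine RBAC: full-admin wildcards, service-wide wildcards on every resource, and unconditioned rights that let a principal expand its own permissions. The policy it checks is constructed.

```python
"""Audit an AWS IAM policy document for over-broad grants: wildcard actions, wildcard
resources and unconditioned privilege-expanding rights.
Added example, not Unit 42 code; the sample policy below is constructed."""
import json

# Actions that let a principal grow its own permissions; these deserve a Condition at minimum.
PRIVILEGE_EXPANDING_ACTIONS = {"iam:*", "iam:createpolicyversion", "iam:attachuserpolicy",
                               "iam:attachrolepolicy", "iam:passrole", "sts:assumerole"}

SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::app-logs/*"},
        {"Effect": "Allow", "Action": ["ec2:*", "s3:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
        {"Effect": "Deny", "Action": "*", "Resource": "*"},
    ],
})


def _as_list(value):
    """IAM allows a single string or a list for Action and Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_policy(text):
    """Return a list of (statement_index, finding) tuples; an empty list means no broad grant."""
    findings = []
    for i, st in enumerate(json.loads(text)["Statement"]):
        if st.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        wildcard_resource = "*" in _as_list(st.get("Resource", []))
        if "*" in actions and wildcard_resource:
            findings.append((i, "full administrative access (Action * on Resource *)"))
            continue
        for action in actions:
            if action.endswith(":*") and wildcard_resource:
                findings.append((i, f"all {action.split(':')[0]} actions on every resource"))
            if action in PRIVILEGE_EXPANDING_ACTIONS and "Condition" not in st:
                findings.append((i, f"{action} granted without a Condition"))
    return findings


if __name__ == "__main__":
    for index, msg in audit_policy(SAMPLE_POLICY):
        print(f"statement {index}: {msg}")
```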
4. A growing attack surface
Modern attack surfaces are constantly changing, meaning that as attack surfaces grow, the number of unmanaged assets across those surfaces grows, too.
As a result, attackers are becoming increasingly adept at scanning the internet in search of vulnerable systems and exploiting gaps in security before they can be patched.
Solution: Be a champion for proactive visibility
Security teams do the best they can with the resources and the data they have, but visibility is often the key determinant of whether an asset is secure.
It’s important, therefore, to choose an attack surface management platform that can provide a comprehensive and continuously updated inventory of all internet-connected assets and potential exposures, including shadow IT infrastructure and assets susceptible to common vulnerabilities and exposures (CVEs), while ranking risks and offering recommendations for dealing with them.
An attack surface assessment can also help improve visibility of internet-facing assets.
5. Overloaded security teams
CISOs and their teams face ever-shifting challenges and risks as the cadence and complexity of cyber threats continue to grow exponentially.
Meanwhile, they face a raft of internal challenges.
In 11 per cent of Unit 42 incident response cases, important security alerts got lost without sufficient review or action. And in many cases, administrators are juggling too many different products, often monitoring the network using a patchwork of tools providing disparate information.
And further compounding things, they are typically slowed down by having too many manual/time-consuming processes.
Poor processes for patch management tasks contributed to threat actor success in 28 per cent of the Unit 42 incident response cases. These cases involved vulnerabilities that were disclosed publicly with patches available. However, the threat actors were able to exploit vulnerabilities that remained unpatched.
Solution: Automate where possible
Intelligent automation can help your team better allocate scarce resources, consolidate visibility and control over a dynamic network, and reduce response and recovery tasks.
Consider implementing automation tools and take advantage of pre-made playbooks to respond and recover from incidents quickly.
Security Orchestration, Automation, and Response (SOAR) products can automate the whole process of user investigation, endpoint isolation, notifications, enrichment, and threat hunting.
By orchestrating across security information and event management (SIEM), firewalls, endpoint security and threat intelligence sources, response teams can act quickly in the face of a breach or attack.
If you would like to discuss your security requirements to ensure your data and staff are protected, get in contact with one of Enablis’ security experts, or download the full report titled 5 Security Concerns for CISOs and How to Address Them.