As we approach the end of 2022, many of us will set out the usual New Year’s resolutions, good intentions, and goals we’d like to achieve in the next 12 months. While you ponder changes to diet, exercise, or education, take this fantastic opportunity to make some changes that will boost your company’s cyber risk protection. Check out three options below.
Cutting Back: Attack Surface Management
Attack surface management (ASM) refers to a process of discovering and documenting assets that can be breached and allow threat actors into your network. Just like many of you are looking to identify and cut additional calories in 2023, cutting off potential avenues into your network is also prudent.
Think of ASM as similar to strengthening your security at home. You do this by identifying the doors, windows, and other entrances someone could enter through. You wouldn’t leave your windows open when you leave your home, so why do the same on your digital estate?
Digital entrances manifest in various ways, including an external-facing vulnerability, an expired or insecure SSL certificate, open ports, or insecure remote services. As an organization’s digital footprint expands, tracking these exposure points can become increasingly difficult. Enhancing your visibility of them is one of the areas in which ReliaQuest excels, specifically through the use of GreyMatter Digital Risk Protection (GreyMatter DRP).
Some of the collection sources available in GreyMatter DRP
GreyMatter DRP can assist with ASM specifically by working with clients’ known and unknown assets. The latter is often the greatest challenge—how can a company identify weak points in network blindspots?
Get the Miles in with Tabletop Exercises
Next up in our series of terrible New Year’s analogies (sorry not sorry), why not get your security team in better shape by conducting a series of tabletop exercises (TTX)? TTX permits security teams to simulate a live incident, then identify areas of strength and opportunities for incident response teams. Conducting TTX can help teams identify roles and responsibilities, plus key points of contact and escalation—and document how to mitigate certain attacks.
Developing incident response plans can be painstaking, and it’s often not best done in a live scenario. By placing your teams under the spotlight of a simulated attack, many of the roadblocks and setbacks you’ll likely encounter in a real scenario can be troubleshot ahead of time. This enables security teams to work more efficiently if, or when, a real scenario does occur.
Which attack scenario should be the scope of your first TTX? This very much depends on your company—sector, location, and overall security maturity. Identify a genuinely impactful event that could be catastrophic to your business. Ideally, make it something your security teams haven’t worked on during a live scenario. Many of the major threats we identify in our blogs are an excellent place to start: for example, a ransomware attack or data breach by a financially motivated threat group.
Clear That To-Do List: Asset Inventory and SBOMs
Another lingering item (and opportunity!) on many security teams’ to-do lists is creating an asset inventory and Software Bill of Materials (SBOM). An asset inventory represents a working list of all users, applications, and devices. Constantly revising and updating it is essential, so it can be a foundation for several teams within your wider security organization. Risk, compliance, and incident response teams will all hugely benefit from enhanced visibility of your network assets.
The SBOM on the other hand came into the common security lexicon in May 2022. It’s one of the core topics outlined in President Joe Biden’s executive order on improving cybersecurity in the United States. An SBOM can accompany your asset inventory, detailing all the components that constitute security software. Understanding these various components is often emphasized in the aftermath of a major security-vulnerability disclosure.
Organizations are often unaware of the specific impact and risk caused by a vulnerability, because they’re not aware of the components that make up the software they use. This is also particularly true of software supply chains; understanding the components used in third-party equipment puts companies in a better position to triage and manage the risk associated with third-party relationships.
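As an added illustration of the triage step described above (example code, not ReliaQuest's own and not part of the original post), the script below walks a few constructed CycloneDX-style SBOMs, including a component pulled in only transitively, and reports which applications contain a component that falls inside a constructed advisory's affected version range. All application names, component names, versions and the advisory identifier are invented for the example.

```python
# Constructed advisory (placeholder, not a real CVE): versions of "acme-logger"
# from 2.0.0 up to, but not including, 2.17.0 are affected.
ADVISORY = {"id": "ADVISORY-PLACEHOLDER", "component": "acme-logger",
            "introduced": "2.0.0", "fixed": "2.17.0"}

# Constructed CycloneDX-style SBOMs, one per internal application, as they would
# look after json.load() from disk. All names and versions are invented;
# "hr-intranet" only depends on acme-logger transitively via acme-webkit.
SBOMS = {
    "billing-portal": {"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
        {"name": "acme-logger", "version": "2.14.1"},
        {"name": "acme-json", "version": "2.13.4"}]},
    "hr-intranet": {"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
        {"name": "acme-webkit", "version": "3.1.0", "components": [
            {"name": "acme-logger", "version": "2.12.0"}]},
        {"name": "acme-core", "version": "5.3.20"}]},
    "asset-tracker": {"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
        {"name": "acme-logger", "version": "2.17.1"}]},
}

def parse_version(version):
    """Dotted numeric version ('2.14.1') -> comparable tuple (2, 14, 1)."""
    return tuple(int(part) for part in version.split("."))

def is_affected(version, advisory):
    """True when introduced <= version < fixed, i.e. inside the affected range."""
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])

def iter_components(components):
    """Yield every component, descending into nested (transitive) dependencies."""
    for comp in components:
        yield comp
        yield from iter_components(comp.get("components", []))

def triage(sboms, advisory):
    """Map each affected application to the (component, version) pairs that match."""
    hits = {}
    for app, bom in sboms.items():
        for comp in iter_components(bom.get("components", [])):
            if comp["name"] == advisory["component"] and is_affected(comp["version"], advisory):
                hits.setdefault(app, []).append((comp["name"], comp["version"]))
    return hits

if __name__ == "__main__":
    for app, matches in triage(SBOMS, ADVISORY).items():
        print(f"{app}: affected by {ADVISORY['id']} via {matches}")
```

Without the SBOM, "hr-intranet" would be easy to miss, since acme-logger never appears as one of its direct dependencies.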
So, there we have it: three useful steps to start improving your company’s cybersecurity maturity model in the new year. If you’d like to learn more about how ReliaQuest can assist with kickstarting these resolutions—by removing complexity, increasing visibility, and assisting in managing risk—request a demo.