The threat landscape is more challenging than ever. Cross-site scripting, SQL injection, phishing and DDoS attacks are far too common. Additionally, attackers are using more and more sophisticated attacks, leaving security teams scrambling to keep up. Teams are faced with many issues, including successful advanced phishing attacks and ransomware attacks that many seem unable to prevent.
How do hackers wreak havoc on enterprises as well as cause sensitive data loss and exposure? The answer is through a variety of cybersecurity vulnerabilities in processes, technical controls and user behaviors that help hackers perform malicious actions. Many different vulnerabilities exist, including code flaws in OSes and applications, systems and services misconfiguration, poor or immature processes and technology implementations, and end users susceptible to attacks.
The most common attacks that result in data breaches include phishing, credential theft, vulnerability exploits, ransomware and privilege abuse.
Given the variety of attack types and methods, it can be difficult for organizations to determine where to best put their budget. Check out the top five most common vulnerabilities organizations should prevent or fix as soon as possible to avoid potentially significant cybersecurity incidents, such as phishing, malware, DDoS and password attacks.
1. Poor endpoint security defenses
Most enterprise organizations have endpoint protection in place, usually antivirus tools. But zero-day exploits are becoming more common, and many endpoint security defenses are inadequate to combat advanced malware and intrusions targeting end users and server platforms.
Many factors lead to inadequate endpoint security defenses that become vulnerabilities. First, standard signature-based antivirus systems are no longer considered sufficient. Many savvy attackers can easily bypass the signatures. Second, smart attackers might only get caught through unusual or unexpected behaviors at the endpoint, which many tools don't monitor. Finally, many endpoint security defenses haven't offered security teams the ability to dynamically respond to or investigate endpoints, particularly on a large scale.
How to fix it
Invest in endpoint detection and response tools that incorporate next-generation antivirus, behavioral analysis and response capabilities. These tools provide more comprehensive analysis of malicious behavior and more flexible prevention and detection options. Those still using traditional antivirus tools should consider an upgrade to incorporate more behavioral inspection, more detailed forensic details and compromise indicators, and real-time response capabilities.
2. Poor data backup and recovery
With ransomware remaining a constant threat, along with traditional disasters and other failures, organizations have a pressing need to back up and recover data. Yet many organizations lack sound backup and recovery options.
Many organizations neglect one or more facets of backup and recovery, including database replication, storage synchronization, or end-user storage archival and backup.
How to fix it
Use a multipronged backup and recovery strategy. This should include data center storage snapshots and replication, database storage, tape or disk backups, and end-user storage -- often cloud-based. Look for enterprise-class tools that accommodate granular backup and recovery metrics and reporting.
3. Poor network segmentation and monitoring
Many attackers rely on weak network segmentation and monitoring to gain full access to systems in a network subnet once they've gained initial access. This huge cybersecurity vulnerability has been common in large enterprise networks for many years. It has led to significant persistence in attackers compromising new systems and maintaining access longer.
A lack of subnet monitoring is a major root cause of this vulnerability, as is a lack of monitoring outbound activity that could indicate command-and-control traffic. Especially in large organizations, this can be a challenging initiative, as hundreds or thousands of systems might be communicating simultaneously within the network and sending outbound traffic.
How to fix it
Focus on carefully controlling network access among systems within subnets and building better detection and alerting strategies for lateral movement between systems that have no business communicating with one another. Monitor for odd DNS lookups, system-to-system communication with no apparent use and odd behavioral trends in network traffic. Proxies, firewalls and microsegmentation tools can help create more restrictive policies for traffic and systems communications.
4. Weak authentication and credential management
One of the most common causes of compromise and breaches is a lack of sound credential management. People use the same password over and over, and many systems and services support weak authentication practices.
In many cases, weak authentication and credential management is due to lack of governance and oversight of credential lifecycle and policy. This includes user access, password policies, authentication interfaces and controls, and privilege escalation to systems and services that shouldn't be available or accessible in many cases.
How to fix it
Implement a stringent password policy. This could consist of longer and more complex passwords as well as more frequent password rotation. In practice, longer passwords that aren't rotated often are safer than shorter passwords that are. Passwordless authentication can also prevent users from making poor password decisions. For any sensitive access, require multifactor authentication before users can access sensitive data or sites, often with the aid of MFA tools.
5. Poor security awareness
Much has been written about the susceptibility of end users to social engineering, but it continues to be a major issue that plagues organizations. Multiple surveys have revealed that end-user error is the top threat action in breaches. Many organizations find the initial point of attack is through targeted social engineering, most commonly phishing.
The most common cause of successful phishing, pretexting and other social engineering attacks is a lack of sound security awareness training and end-user validation. Organizations still struggle with how to train users to look for social engineering attempts and report them.
How to fix it
Conduct regular training exercises that cover phishing, pretexting and social engineering. Many training programs are available to help reinforce security awareness concepts. Trainings need to be contextual and relevant to employees' job functions whenever possible. Track users' success or failure rates on testing, and use "live fire" tests with phishing emails and other tactics. For users who don't improve, look at remediation measures appropriate for your organization.
While other major cybersecurity vulnerabilities can be spotted in the wild, the issues addressed here are some of the most common seen by enterprise security teams everywhere. Look for opportunities to implement more effective security measures and controls in your organization to prevent these issues from being realized. Once your security team fixes the above security vulnerabilities, it could tackle other common weaknesses, such as those in the OWASP Top 10.