
Attack ‘atmosphere’ explains the evolution of threats

“We expect them to get more complex, and in reality, they do the opposite,” Bitdefender’s Martin Zugec says.


Anna Kim


If you’re in cybersecurity, you’ve heard nonstop about the attack surface. But what if the surface is more of an atmosphere?

That’s what some experts in the field are saying as the shape and location of attacks are changing. An attack atmosphere is more accurate, the theory goes, because it encompasses myriad threats.

Chris Goettl, VP of product management at Ivanti, told IT Brew that the atmosphere term is a shift in mindset to understand the environment as a whole. Attackers have become more and more sophisticated, often not even targeting critical vulnerabilities but rather chaining existing CVEs or using social engineering.

“Each of those things are just an evolution of behaviors that existed before with threat actors,” Goettl said. “They’re just getting more and more sophisticated.”

Lock it in. Focusing an organization’s resources around wider threats allows for a more reasonable and responsible risk appetite. Exposure and access management are part of the tools in the toolbelt, Goettl said. He noted that at times the attacks can be subtle and go unnoticed; referencing a colleague who found their access blocked temporarily due to being out of the country, Goettl said that noticing these behavior changes shows “the experiences that we rely on on a daily basis are all set up to ensure that we’re closing the loop on many of those mechanisms that threat actors are going to take advantage of.” The system taking note that staffers are acting in an “abnormal” way allows it to react with a layered exposure management approach.

“It’s all about keeping that focus in alignment, but making it so that the system is made to operate given that context,” Goettl said. “If I’ve defined my risk appetite, I should be configured for that risk appetite, and with that, I should be able to eliminate the majority of the noise of findings that are out there as well.”

Fat of the land. Research from cybersecurity company Bitdefender released June 3 investigated 700,000 security incidents. The survey found that Living Off the Land attacks, where threat actors use existing, legitimate tools and applications to access internal systems, are prevalent, with 84% of major incidents in the research involving the tactic. It’s an example of how the attack atmosphere is being deployed by attackers.

Martin Zugec, a Bitdefender technical solutions director who worked on the research, told IT Brew that attackers take tools that administrators use for running fixes across machines and the organization but deploy them to execute code on multiple machines. There’s been a decrease in malware but an increase in these attacks; there are no easy solutions to deal with this approach to the attack atmosphere.

“We expect them to get more complex, and in reality, they do the opposite,” Zugec said. “They are trying to minimize the playbook to keep them as simple, repeatable, and scalable as possible.”

Fix it. Nonetheless, the basics still apply. IT teams and team leaders need to work together to ensure that standards are adhered to and that instructions are followed, Goettl said. That starts at the top: the CIO and CISO of the organization need to work together to establish clear communication and break down data barriers that might allow the attack atmosphere to be breached without notification.

“They all need the same level of intel,” Goettl said. “We forget about the fact that there’s a lot of technology and data barriers within our organization.”
