When we hear about breaches, we assume that attackers used some never-before-seen, zero-day exploit to breach our defenses. That assumption is normally far from the truth. While it is true that nation-states hold onto tastily crafted zero-days that they use to infiltrate the most nationally significant targets, those targets are not you. And they’re probably not your organization, either.
At this year’s Virus Bulletin Conference, much like in years past, we were regaled with many tales of attacks against financially important, high-profile targets. But in the end, the bad actors didn’t get in with the scariest ’sploits. They got in with a phishing email, or, as in a case that one presenter from RiskIQ highlighted, they used wide-open permissions within a very popular cloud resource.
The truth is that the soft underbelly of the security industry consists of hackers taking the path of least resistance: quite often this path is paved with misconfigured security software, human error, or other operational security issues. In other words, it’s not super-“l33t” hackers; it’s you.
Even if you think you’re doing everything right within your own organization, that may still not be enough. While you may have thoroughly secured your own network, those you interact with may not be so locked down. You may think that you’ve successfully eschewed third-party software, that you don’t use the cloud for collaboration, so you’re safe in your enclave. However, third parties situated within your supply chain may be using cloud services in ways that endanger you. And sometimes neither you nor they even know that this situation has created significant risk to both of your environments.
Not to worry, you’re not alone, and there are things you can do about it.
High-profile breaches these days often start with third parties you use. While you might have the greatest security team out there, maybe they don’t.