2020 The Modern Threat Landscape: Why Companies Must Adjust and Prioritize Their Cybersecurity to Evolving Threats
In this post, we will dive into why companies must adjust and prioritize their cybersecurity to evolving threats.
Current data breach statistics are setting new records: the first six months of 2019 saw 3,800 publicly disclosed data breaches, a 54 percent increase over the number reported in the first six months of 2018 (Rafter, 2020).
The 2019 data breaches mentioned above include notable companies heavily invested in cybersecurity. In July 2019, Capital One determined that an outside individual gained unauthorized access and obtained personal information about Capital One’s credit card customers, including customer names, addresses, ZIP codes, phone numbers, e-mail addresses, birth dates, self-reported income, and in some cases, credit scores, credit limits, balances, payment history, and contact information.
Although login credentials were not compromised, this unauthorized individual accessed 140,000 social security numbers and about 80,000 linked bank account numbers of potential Capital One credit card customers, making Capital One liable for providing free credit monitoring and identity protection to those affected.
According to the report, this unauthorized individual infiltrated the servers of a third-party cloud computing company by exploiting the cloud provider’s misconfigured web application firewall (Rafter, 2020).
The implications surrounding Capital One’s data breach reveal common vulnerabilities exploited by modern threats. To prevent a data breach, companies often split their networks into architected, trusted, and untrusted security zones that enforce distinct policies on a zone-by-zone basis.
Using firewall exceptions as a primary mechanism to enforce these security policies, security practitioners can determine which zones are allowed access to which resources on the network. This is called the “Perimeter model.” However, similar to how a species evolves to its environment over time, companies must understand that the current threat landscape evolves and adapts to modern defenses.
The tactics, techniques, and procedures (TTPs) of major cyber attackers reveal vulnerabilities in the widely-adopted perimeter model. Ironically, companies resolve this issue by adding additional layers of protection to create a more robust “defense-in-depth” model of security, such as fancy Unified Threat Management (UTM) systems and Next-Generation Firewalls (NGFWs). But these additional layers are not always tangible. For instance, best-security practices recommend that companies limit user access based on an employee’s level of “need-to-know.” Additionally, limiting access rights for users to the bare minimum permissions required to perform their job is a necessary precaution to prevent major data breaches.
These examples barely graze the surface of what security controls companies can implement to protect their data. Each security control is only one layer of protection in the defense-in-depth model. Hence, companies must adjust their budget to cover additional layers of protection that span into the technical, operational, and physical realms of security.
For improved security measures, companies invest a significant amount of time and money accordingly into these additional layers of defense to reduce key risk indicators and increase key performance metrics. Additionally, some companies are obliged to invest thousands of dollars in security to comply with HIPAA, SOX, GLBA, GDPR, and other privacy regulations mandated by the government.
Despite these added defenses in the perimeter model, why are data breaches so common? One explanation is that with the widespread adoption of cloud service models and Bring Your Own Device (BYOD) policies, the perimeter proves difficult to define. If a company’s data is stored on a cloud provider’s server halfway across the world, this raises the question: where does the network perimeter end? Ensuring that contracted cloud environments comply with a company’s security requirements is vital, but it is certainly not easy when the perimeter extends beyond traditional network boundaries, as was observed in the Capital One data breach.
Furthermore, cyber attackers are finding ways to “skip” these layers of protection. For example, assume a limited-access user clicks a malicious e-mail attachment. The payload phones home to a C2 node, which installs malware via a reverse shell connection. This outbound connection goes unnoticed by a firewall as these devices do not normally block outbound connections.
Similarly, the malware’s traffic can be disguised as regular web traffic, thus evading detection. With access to this machine, the cyber attackers begin their lateral movement through the network by searching for outdated software and systems with elevated access within that zone, such as the HR host that can Secure Shell (SSH) into the HR server. Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network. With some extra effort, the HR user’s machine is compromised through an unpatched vulnerability. The SSH credentials are stolen, allowing the attackers to establish an SSH connection into the HR server and dump its contents. Attacks like this are not uncommon.
In the scenario described above, the critical element of the attack is that the attacker passed the firewall, the very device the perimeter model relies on. How does a breach like this occur when firewall policies are tightly scoped for limited access? One would argue that the user is the weakest link in security, which is accurate; however, another reason is that the perimeter model does not provide enough protection against the modern threat landscape.
The fault lies in the zone security policies and how they are enforced at zone boundaries. The perimeter model provides some inherent protection, but it is not bulletproof. By assigning trust to each zone, one aspect is often overlooked on a network: Hosts are not protected from each other (Gilman & Barth, 2017).
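The two gaps in the scenario above, an outbound connection the firewall never questions and host-to-host traffic inside a trusted zone, can both be surfaced from connection logs. The following is an added example, not code from the original post: it assumes a constructed CSV flow-log format, made-up zone ranges, and a made-up egress allow-list.

```python
# Added example (not from the original post). Zone-aware egress and intra-zone
# admin-traffic checks over constructed connection records; all values are made up.
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst dport proto")

# Constructed zone map: "user" holds workstations, "hr" holds the HR host and HR server.
ZONES = {
    "user": ipaddress.ip_network("10.10.0.0/24"),
    "hr": ipaddress.ip_network("10.20.0.0/24"),
}
# Constructed egress allow-list: (destination, port) pairs a workstation is expected to reach.
EGRESS_ALLOW = {("203.0.113.10", 443), ("203.0.113.11", 443)}

# Constructed flow records: ts,src,dst,dport,proto
SAMPLE_LOG = """\
1,10.10.0.5,203.0.113.10,443,tcp
2,10.10.0.5,198.51.100.7,443,tcp
3,10.10.0.5,198.51.100.7,443,tcp
4,10.10.0.5,198.51.100.7,443,tcp
5,10.20.0.8,10.20.0.20,22,tcp
6,10.20.0.8,10.20.0.20,22,tcp
7,10.10.0.5,10.20.0.8,445,tcp
"""

def parse(log):
    flows = []
    for line in log.splitlines():
        ts, src, dst, dport, proto = line.split(",")
        flows.append(Flow(int(ts), ipaddress.ip_address(src),
                          ipaddress.ip_address(dst), int(dport), proto))
    return flows

def zone_of(ip):
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

def find_unexpected_egress(flows):
    """Outbound flows from an internal zone to an external host not on the allow-list.
    A perimeter firewall that permits all outbound traffic passes these silently."""
    return [f for f in flows
            if zone_of(f.src) != "external" and zone_of(f.dst) == "external"
            and (str(f.dst), f.dport) not in EGRESS_ALLOW]

def find_intra_zone_admin(flows, admin_ports=(22, 3389, 445)):
    """Admin-protocol traffic between two hosts in the same zone. Zone boundaries never
    see this, so intra-zone SSH/RDP/SMB is a lateral-movement signal worth reviewing.
    Cross-zone flows (record 7) are left to the zone firewall and are not reported here."""
    return [f for f in flows
            if zone_of(f.src) == zone_of(f.dst) != "external" and f.dport in admin_ports]
```

Records 2 to 4 model the repeated "phone home" from the workstation, and records 5 and 6 model the HR host reaching the HR server over SSH inside its own zone.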
Lateral movement and privilege escalations like these are ingrained in the hacker’s methodology. A better alternative to the perimeter model, provided the resources, might be to adopt a zero-trust model. This is something companies should consider; however, it is not always practical since zero-trust networks require an expensive Public Key Infrastructure (PKI). Although sometimes incomprehensible to upper management, cybersecurity is not something to brush over with fancy tools alone; it is an ensemble encompassing many things.
Wrapping It All Up
The bottom line companies must remember when discussing cybersecurity is that threats are constantly evolving to defeat modern defenses; therefore, companies must increase their budget to invest in the appropriate security measures that effectively detect, prevent, and mitigate these current threats.
Gilman, E., Barth, D. (2017). Zero Trust Networks: Building Secure Systems in Untrusted Networks. O’Reilly Media, Inc.
Rafter, D. (2020). 2019 Data Breaches: 4 Billion Records Breached So Far. Norton Security. Retrieved from https://us.norton.com/internetsecurity-emerging-threats-2019-data-breaches.html
Guest Writer: Daniel Fitzpatrick