As we work with clients to enhance their security standards or respond to security incidents, we see many repeating security gaps. Of the hundreds of ways an environment or data can be breached, these are six of the most common gaps we have been seeing in client environments today.
1. Too Narrow of a Security Focus
One of the biggest issues we see in client security is being too narrowly focused. Many organizations are very dedicated to one area at the expense of others. They may be very concerned about phishing and spend all day, every day sending phishing simulations that fill employees’ inboxes. Other organizations are entirely compliance-driven or vulnerability-driven. Trying to stay in just one lane is like wearing blinders to every other issue.
Too much focus on one thing can cause other areas to linger, which can cause significant coverage issues. If the bad guys can’t get in the front door, sometimes they will walk around the building and get in through a side door or window. Or, in this case, they will look around and find another vulnerability that isn’t being as carefully watched.
2. Patch Management
Even though patch management seems very simple on the surface, the details can make it very difficult. You’re not just installing Microsoft’s patches on a handful of systems. There are also many supplementary systems (third-party applications, appliances, firmware) that need to be updated and maintained, and these often slip through the cracks.
Even organizations that have mature patch management programs, dedicated security teams, and large IT staff can struggle to make sure patches are installed everywhere. It’s difficult to have visibility into all the applications and systems in use and to know which of them need patching. Gaining visibility into those systems and understanding where patches aren’t installed is a critical way to fill that gap.
3. Flat Network Architecture
Many organizations have flat networks where – if threat actors get into one system – they can basically go anywhere without any additional check on movement. Once they’re in, it doesn’t take long before the entire environment is compromised.
4. Privileged Access Management
Organizations need to carefully protect key credentials such as administrator credentials and service account credentials. In many organizations that get compromised, one of the service accounts is taken over because someone set it up 10 years ago and its password has never been changed. Ransomware can then spread through the entire environment because that account can log in everywhere with elevated privileges.
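As an added example (not from the original post or from Core), the following PowerShell query finds the accounts described above: enabled Active Directory accounts that carry a service principal name (the attribute that marks them as service accounts) and whose password has not been changed for longer than a chosen threshold. It assumes the ActiveDirectory RSAT module on a domain-joined host with read access to the domain; the 365-day threshold is an assumed default.

```powershell
# Added example: inventory service accounts with stale passwords.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# Assumed default; set to whatever your password policy for service accounts requires.
$MaxAgeDays = 365
$Cutoff = (Get-Date).AddDays(-$MaxAgeDays)

$StaleServiceAccounts = Get-ADUser -Filter 'ServicePrincipalName -like "*"' `
    -Properties PasswordLastSet, PasswordNeverExpires, ServicePrincipalName, MemberOf, LastLogonDate |
    # An account whose password was never set (PasswordLastSet is null) counts as stale too.
    Where-Object { $_.Enabled -and ((-not $_.PasswordLastSet) -or ($_.PasswordLastSet -lt $Cutoff)) } |
    Select-Object SamAccountName,
        @{ Name = 'PasswordAgeDays'; Expression = {
            if ($_.PasswordLastSet) { [int]((Get-Date) - $_.PasswordLastSet).TotalDays } else { 'never set' } } },
        PasswordNeverExpires,
        # Direct membership only; nested group membership is not resolved here.
        @{ Name = 'PrivilegedGroups'; Expression = {
            ($_.MemberOf | Where-Object { $_ -match '^CN=(Domain|Enterprise|Schema) Admins,' }) -join ';' } },
        @{ Name = 'SPNCount'; Expression = { @($_.ServicePrincipalName).Count } },
        LastLogonDate |
    Sort-Object PasswordAgeDays -Descending

# Show the result and keep a record for the remediation tracker.
$StaleServiceAccounts | Format-Table -AutoSize
$StaleServiceAccounts | Export-Csv -Path .\stale-service-accounts.csv -NoTypeInformation
```

Accounts that appear with a non-empty PrivilegedGroups column are the ones that let a single compromised credential reach the whole environment, so rotate those first (or move them to group Managed Service Accounts, which rotate their own passwords).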
5. Limited Backup Strategies
Having varied backup strategies is key. Many organizations have suffered catastrophic incidents because they back up their data the same way they did 10 years ago. Maybe an organization saves all of its backups on a Windows server in its own environment, with that backup server online and on the same network as the other systems. The adversary is then handed a single target for your sensitive data, along with the opportunity to encrypt every system and your backups at the same time.
This may not be as big of a long-term issue, but we’ve seen a rush of incident response needs in the last couple of years related to limited backup strategies. Therefore, we strongly recommend varied backups to better protect your data in case of an incident.
6. Moving to the Cloud Without a Security Plan
Organizations that move systems to the cloud may assume they’re secure without assessing their needs against the settings and capabilities of the technology. Providers like Microsoft, Cisco, Google, and others invest incredible amounts of work and money to ensure their platforms are secure. However, having a specific security control on your data on-premises is no guarantee that the same control is enabled by default in the cloud. Outsourcing cloud infrastructure doesn’t mean your security job is done.
This ties back to third-party risk management. Always do your vendor due diligence, and always ask if your cloud provider is protecting your data and systems to the standards of your organization and compliance regulations.
In Conclusion
If you suspect that your organization may have one (or more) of these security gaps, there’s hope. Many of these can be addressed with a holistic security approach that looks at your whole organization rather than at limited, targeted threats. Others may only be obvious through experience or by consulting a third-party security consultancy like Core.
If you want to strengthen your security posture or develop a holistic security program, then contact us. Our Security team would love to help you close common gaps and reach the next level in your security awareness.