Defenders must get out ahead of complexity

Over the past two years, organisations have experienced a quantum leap in digitisation, adopting an array of new technologies to facilitate remote and hybrid working. Consequently, they are dealing with a more complex technology stack than ever before, which introduces new vectors for cyber criminals to exploit.

In a landscape of heightened cyber threat, regulators worldwide, including the UK’s National Cyber Security Centre (NCSC), have advised organisations to build cyber resilience, but this task is more complex than ever. The interconnection between technologies enables hackers to maximise the impact of their attacks by moving through an organisation’s networks in search of the most valuable assets to exploit.

It’s vital for security teams to begin to understand this threat. Identifying attack pathways can be difficult, but it’s important to note that hackers invariably seek the path of least resistance to attack systems. This means leveraging known credentials and available connections between one system and another, which are often natively available within a network. Where an attack pathway is identified, security teams must drill down and inspect whether it leads to critical assets or other exposed parts of a network.

Security teams must also understand the technologies employed across an organisation and seek to identify vulnerabilities that can be “chained” to build a path. By scanning source code for vulnerabilities, conducting penetration testing of products and services, and working closely with a security operations centre (SOC) to monitor logs of network events across an entire infrastructure, security teams can identify potential vulnerabilities and proactively monitor for malicious activity at the perimeter of an organisation’s network.
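The pathway analysis described in the two paragraphs above can be modelled as reachability over an asset graph. The sketch below is an added example, not from the article or from any product it mentions; the asset names, hop reasons and the `shortest_paths` and `choke_points` helpers are all constructed for illustration.

```python
from collections import deque

# Constructed inventory: (source, destination, why the hop is possible).
EDGES = [
    ("vpn-gateway", "hr-laptop", "connection: remote access"),
    ("hr-laptop", "file-server", "credential: cached domain account"),
    ("hr-laptop", "print-server", "connection: SMB share"),
    ("web-app", "app-server", "vulnerability: unpatched component"),
    ("app-server", "file-server", "credential: shared service account"),
    ("file-server", "backup-server", "credential: reused admin password"),
    ("backup-server", "payroll-db", "connection: nightly backup job"),
]
EXPOSED = {"vpn-gateway", "web-app"}   # assets reachable from outside
CRITICAL = {"payroll-db"}              # assets the business cannot lose

def shortest_paths(edges, exposed, critical):
    """BFS from each exposed asset; return the shortest hop list to each
    critical asset it can reach, keyed by (entry point, critical asset)."""
    graph = {}
    for src, dst, why in edges:
        graph.setdefault(src, []).append((dst, why))
    found = {}
    for start in sorted(exposed):
        queue, seen = deque([(start, [])]), {start}
        while queue:
            node, hops = queue.popleft()
            if node in critical:
                found[(start, node)] = hops
                continue
            for dst, why in graph.get(node, []):
                if dst not in seen:
                    seen.add(dst)
                    queue.append((dst, hops + [(node, dst, why)]))
    return found

def choke_points(paths):
    """Rank hops by how many pathways use them; the top entries are where
    removing a credential or connection breaks the most paths."""
    counts = {}
    for hops in paths.values():
        for src, dst, _ in hops:
            counts[(src, dst)] = counts.get((src, dst), 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    paths = shortest_paths(EDGES, EXPOSED, CRITICAL)
    for (start, target), hops in paths.items():
        print(f"{start} -> {target} ({len(hops)} hops)")
        for src, dst, why in hops:
            print(f"    {src} -> {dst}  [{why}]")
    print("Most shared hops:", choke_points(paths)[:2])
```

Re-running `shortest_paths` with a candidate hop removed from the edge list shows whether that single fix actually closes every pathway to the critical asset.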

“If you’re not sure, seek advice. Cyber security is a vast space and you can’t know everything. It’s better to ask for help than to leave the door open for an attack”
Jack Chapman, Egress

Vulnerabilities in software are regularly published as Common Vulnerabilities and Exposures (CVEs). While attackers will begin to develop exploits of identified weaknesses, it is essential that…