3 Common Cybersecurity Exposures and How to Manage Them

Cyber exposure management empowers organizations to gain real-time visibility and control over their attack surface, unifying visibility, context and continuous monitoring to strengthen proactive protection against evolving cyber threats.
Oct. 30, 2025

Key Highlights

  • Organizations can’t protect what they can’t see; real-time asset visibility is the foundation of effective cybersecurity.

  • Proactive, continuous monitoring and orchestration help close gaps before attackers can exploit them.

  • Cyber exposure management unifies visibility, context and action to reduce risk across IT, OT and cloud environments.

The global average cost of a data breach is $4.4 million, according to a recent IBM report. That cost increases the longer the threat dwells, in part because of reputational damage, operational outage and other negative impacts. It takes 197 days to detect a breach and 69 days to contain it. The success of sophisticated cyberattacks and the difficulty in detecting them have executives prioritizing a proactive approach to cybersecurity. 

Digital transformation initiatives like IT/OT convergence have cast a shroud over an ever-expanding attack surface, with more than 40% of assets going unmonitored. Security teams cannot protect these unknown and unmanaged assets. 

The threat landscape is constantly evolving, from ransomware to APTs. Threat actors have compromised a variety of critical infrastructure. They are weaponizing AI to make their attacks more effective, with nearly three-quarters of IT decision-makers concerned about AI-enabled cyberattacks. 

Regulatory compliance mandates and common security frameworks provide some structure to address these issues, but they require sustained efforts to maintain. Organizations have a backlog of hundreds of thousands of alerts, while threat hunting and remediation processes are brought to a standstill by disconnected tools. 

Cyber exposure management has emerged as a strategic approach to implement preemptive protection. It is the absolute first line of defense. The three core elements of cyber exposure management are: 

  • See – Understand your environment.

  • Protect – Identify and prioritize the threats that matter most.

  • Manage – Operationalize the remediation lifecycle. 

Read on for a better understanding of the most common challenges organizations face and best practices for cyber exposure management. 

An incomplete view of the enterprise environment 

Building a strong foundation goes hand-in-hand with a focus on fundamentals. You can’t patch a vulnerable device if you don’t know it exists. That’s why many compliance frameworks, including NIST 800-53, PCI DSS and NERC CIP, require an asset inventory. 

An asset inventory should provide visibility into all physical and virtual assets, underscoring the core element of “see.” Furthermore, an asset inventory can serve as a single source of truth for the remaining core elements, “protect” and “manage.” 

Many time-consuming and error-prone manual processes leave organizations with an incomplete and outdated view of their network. Enterprise environments, which span multiple systems and geographic locations, are simply too complex and dynamic to be tracked and managed with a spreadsheet. Industrial systems also often face interoperability issues with modern cybersecurity and management interfaces. 

Every organization is unique, so there are too many corner cases to examine, but one of the most common examples of unknown assets is building management systems (BMS). Likewise, public Wi-Fi access points serve as an open port for unknown assets to connect. And in a similar vein, many modern cyber threats target vulnerable network devices, such as routers.

The point is that there is no way to know how an organization is exposed until it has real-time visibility and control of its entire environment. 
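
The gap between a recorded inventory and what is actually on the network can be measured by reconciling the two. The sketch below is an added example, not code from the article or from any vendor; the record layout, device names and addresses are constructed for illustration, and it assumes device sightings are available from some passive source such as DHCP or ARP data.

```python
from datetime import datetime, timedelta

def norm_mac(mac):
    """Canonical form so 'AA-BB-..', 'aabb.ccdd.eeff' and 'aa:bb:..' compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def reconcile(inventory, observed, now, stale_after=timedelta(days=30)):
    """Compare the asset inventory with devices actually seen on the network."""
    known = {norm_mac(a["mac"]): a for a in inventory}
    seen = {}
    for o in observed:  # keep only the latest sighting per device
        mac = norm_mac(o["mac"])
        if mac not in seen or o["seen"] > seen[mac]["seen"]:
            seen[mac] = o
    # On the network but absent from the inventory: unmanaged assets.
    unknown = sorted(m for m in seen if m not in known)
    # In the inventory but not seen recently: records that may be outdated.
    stale = sorted(m for m in known
                   if m not in seen or now - seen[m]["seen"] > stale_after)
    # Share of observed devices that the inventory accounts for.
    coverage = (len(seen) - len(unknown)) / len(seen) if seen else 1.0
    return {"unknown": unknown, "stale": stale, "coverage": coverage}

# Constructed sample data (hypothetical devices and addresses).
NOW = datetime(2025, 10, 30, 12, 0)
INVENTORY = [
    {"mac": "00:1A:2B:3C:4D:5E", "name": "hr-laptop-01"},
    {"mac": "001a.2b3c.4d5f", "name": "core-router"},
    {"mac": "00-1A-2B-3C-4D-60", "name": "old-print-server"},
]
OBSERVED = [
    {"mac": "00-1a-2b-3c-4d-5e", "ip": "10.0.1.20", "seen": NOW - timedelta(hours=1)},
    {"mac": "00:1a:2b:3c:4d:5f", "ip": "10.0.0.1", "seen": NOW - timedelta(minutes=5)},
    {"mac": "00:1a:2b:3c:4d:60", "ip": "10.0.1.9", "seen": NOW - timedelta(days=90)},
    {"mac": "02:42:ac:11:00:07", "ip": "10.0.9.14", "seen": NOW - timedelta(hours=2)},
    {"mac": "02:42:AC:11:00:07", "ip": "10.0.9.14", "seen": NOW - timedelta(hours=6)},
]
REPORT = reconcile(INVENTORY, OBSERVED, NOW)
print(REPORT)
```

MAC addresses can be randomized or changed, so a production inventory would key on stronger identifiers where they are available.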

Cloud and virtual environments lack oversight

Beyond vulnerable and misconfigured assets, cybercriminals also target exposed cloud services and virtualized environments.

Widespread digital transformation initiatives, such as digital twins, have blurred the lines between IT and OT environments as well as on-prem and cloud environments. There are numerous examples across niche industries, including healthcare, manufacturing and more. 

Another complicating factor is the speed at which cloud resources are created and abandoned. Developers often deploy test environments or shadow IT instances that remain unknown, unmanaged and exposed to threats. Misconfigured storage buckets, weak identity and access management (IAM) policies and insecure APIs are all vulnerable to cyberattacks.

Enterprise data needs to be protected in cloud and virtualized environments, but maintaining visibility remains a challenge. These services and their users may be deployed and provisioned without any oversight. Misconfigurations within these services and accounts may enable threat actors to move from on-prem to cloud instances or vice versa. 

Third-party risk is difficult to manage

The IT supply chain further amplifies the diverse yet interconnected nature of the enterprise network. Third-party risks include vulnerable assets, software and cloud services. Attackers are increasingly targeting these supply chains because of the potential to compromise downstream organizations. 

For example, the SolarWinds breach affected 18,000 customers with a compromised software update. Another concern is that vulnerable software libraries, such as those affected by the Log4j vulnerability, may be integrated into products and solutions without the end user's knowledge. 

Some vendors have started offering a software bill of materials (SBOM) to provide visibility into their software components; however, it has not yet become an industry standard. There should be a shared responsibility for any organization consuming third-party services, but the reality is that organizations have little control over their partners. 

Managing this risk begins with contractual obligations, which can only be enforced with transparency and visibility. Ideally, vendors should be providing SBOMs, compliance certifications and so forth, but organizations must ultimately take responsibility for their own security. 
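
When a vendor does supply an SBOM, it can be checked automatically for libraries that sit inside a product without being visible from the outside. The following is an added example, not code from the article: it walks a CycloneDX-style JSON document, including nested components, and flags anything below a policy minimum. The SBOM content, the product name and the minimum version are constructed values for illustration.

```python
import json

def walk(components, path=()):
    """Yield (component, parent_path) for every component, nested ones included."""
    for c in components or []:
        yield c, path
        yield from walk(c.get("components"), path + (c["name"],))

def vtuple(version):
    """'2.14.1' -> (2, 14, 1); a suffix such as '-beta9' is ignored."""
    return tuple(int(p) if p.isdigit() else 0
                 for p in version.split("-")[0].split("."))

def flag_components(sbom, minimums):
    """Return components that are below the policy minimum or carry no version."""
    findings = []
    for comp, path in walk(sbom.get("components")):
        floor = minimums.get(comp["name"])
        if floor is None:
            continue
        version = comp.get("version")
        if version is None or vtuple(version) < vtuple(floor):
            findings.append({"name": comp["name"],
                             "version": version or "unknown",
                             "via": " > ".join(path) or "(top level)"})
    return findings

# Constructed SBOM for a hypothetical vendor product.
SBOM_JSON = """
{"bomFormat": "CycloneDX", "specVersion": "1.5",
 "components": [
  {"type": "application", "name": "vendor-portal", "version": "4.2.0",
   "components": [
     {"type": "library", "name": "log4j-core", "version": "2.14.1"},
     {"type": "library", "name": "jackson-databind", "version": "2.15.2"}]},
  {"type": "library", "name": "log4j-core", "version": "2.20.0"}
 ]}
"""
# Constructed policy: lowest version the organization accepts per library.
POLICY_MINIMUMS = {"log4j-core": "2.17.1"}

FINDINGS = flag_components(json.loads(SBOM_JSON), POLICY_MINIMUMS)
print(FINDINGS)
```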

Building a proactive defense strategy

The core elements of cyber exposure management can be further described as visibility, context, proactivity, orchestration and continuous monitoring. These elements allow security teams to anticipate and mitigate threats before there’s any impact. 

Visibility is the ability to see all assets, regardless of their location or type. Beyond visibility, contextual awareness and intelligence enable better decision-making. Organizations that identify vulnerable public Wi-Fi access points or industrial systems that are difficult to manage, for instance, may want to implement network segmentation to isolate those risks. 

The concept of proactive protection is central to cyber exposure management. Preventing a data breach is much more cost-effective than responding to it. Preemptive protection means identifying vulnerabilities and exposures and fixing them before they can be exploited. 

The final core elements of cyber exposure management are intended to make these processes more effective. Orchestration capabilities enable organizations to unify their tools and data into highly efficient workflows. Continuous monitoring includes the ability to identify when new assets connect to the network, discover threat activity and maintain a state of compliance. 

Just as threat actors are leveraging AI, so too should cybersecurity teams. For example, behavioral analysis can model what is considered “known good” behavior, so that deviations can be investigated as potentially malicious anomalies. 

To summarize, here are five steps organizations should be putting into practice: 

  • Build a real-time asset inventory – Automated and continuous discovery tools can identify all critical assets, including IT, OT, Internet of Medical Things (IoMT) and BMS.

  • Audit cloud accounts – Visibility into cloud environments can help identify shadow IT and misconfigurations, such as unnecessary permissions.

  • Network segmentation – Isolate high-value assets, including industrial control systems, that may otherwise be difficult to monitor and manage.

  • Maintain oversight of third-party risks – Require vendors to provide transparency into supply chain risks with SBOMs and security certifications. Continuously monitor for vulnerabilities and exposures.

  • Adopt behavioral analytics – Use AI-driven behavioral analytics to establish a baseline of “normal” behavior. Investigate alerts for real-time threat detection and response. 

Preventing cyberattacks is a challenge; however, many organizations would be much better prepared if they focused on the fundamentals. Cyber exposure management is designed to build upon these fundamentals, establishing the foundation of visibility and context required for proactive protection and optimizing management through orchestration and continuous monitoring.

This forward-thinking approach enables organizations to take control of their attack surface before threats cause disruption.

About the Author

Desiree Lee

CTO for Data

Desiree Lee is the Chief Technology Officer at Armis, where she brings deep expertise in data security and systems architecture. With a background in physics and electrical engineering from St. Cloud State University, she has built a career bridging technical innovation and strategic leadership across multiple technology organizations. Recognized with the Extraordinary Global Services Award for her excellence in customer support and technical operations, Lee is known for her holistic, collaborative approach to security and her advocacy for generalist perspectives in a specialist-driven field. She is equally passionate about mentoring the next generation of technology leaders.
