Cybersecurity Hygiene — a building block that protects your attack surface


A cybersecurity breach or a ransomware shutdown can bring a company down. Financial loss. Reputational damage. Legal penalties. No one wants to be held responsible, but attacks are on the rise. The average corporate data breach in the US costs $9.44 million, plus regulatory penalties.

And attackers are always looking for better weapons. To pull a true story from the headlines, a UK executive was tricked by a phone call from an AI-generated imitation of his CEO. The voice on the phone had the boss’s exact German accent and cadence. The executive dutifully followed the instructions to wire $243,000 to a “new supplier” in Eastern Europe.

That attack was futuristic when it happened, but most cybercrime successes come from simpler techniques applied to the path of least resistance, and those steal dollars too. Now imagine how new threats such as attacks based on language-model AI can hurt your business. The previous example pales in comparison.

Luckily, cybersecurity hygiene can greatly limit exposure and prevent most breaches.

The Good, the Bad and the Ugly

Let’s paint a picture of what we are dealing with. The average enterprise rates 345 new attack-surface vulnerabilities as critical every month. The attack surface is constantly changing (around 9% monthly), making it difficult to detect security gaps. Fixing every possible critical vulnerability would keep security teams busy full-time.

To truly mitigate risk, security teams need to know which vulnerabilities really matter most and how to mitigate them. An exposed customer database can cost millions of dollars and disrupt your business. By comparison, old warehouse maintenance logs have little business value and are therefore less urgent.

The lesson learned here? Having the visibility and context to prioritize the vulnerabilities with the highest risk of consequential loss gives you the great advantage of knowing what to mitigate first. Cybersecurity hygiene also enables proper prioritization. Why? A poorly governed environment with out-of-date firmware, passwords, and user privileges will undoubtedly create gaps in the attack surface and point malicious individuals at exposed assets.

Look at the entire forest and decide which unhealthy trees to cut first

The solution to this problem is not to adopt more point solutions, contrary to what many organizations have become accustomed to. In fact, the security stack has spun out of control, creating more administrative work and alert fatigue than most security teams can handle.

However, a key factor in prioritizing risk is having complete visibility into assets, data, users and applications. More than half of successful breaches involve undetected or unmanaged assets. With proper visibility, security teams can:

● Manage all assets and address their security.
● Examine an asset’s context and business purpose when it appears in security alerts.
● Prioritize the true “I need to fix it now” issues and get to work fixing them.
● Identify tweaks that help with hygiene, such as eliminating weak passwords and data leaks.

Another important lesson: look at the forest and figure out which trees to cut down. By identifying the purpose, context and value of your business assets, you can prioritize according to real-world conditions and significantly reduce the number of critical alerts that need remediation.

At the same time, robust hygiene across the organization keeps that forest small, making it harder for hackers to exploit vulnerabilities.

Components of Effective Cybersecurity Hygiene

Robust hygiene includes managing passwords and firmware updates, performing regular backups, and keeping data access permissions up to date. But for hygiene to be fully effective, other components of cybersecurity must be in place. Let’s review what constitutes cybersecurity hygiene and how to use it.

● Visibility. Tracking and protecting all your assets requires more than basic visibility. The bar is higher: you have to identify which division or subsidiary each database and server belongs to (see ownership attribution below). Even today, many organizations lack a complete, up-to-date view of their network and data assets.
● A risk assessment of the entire attack surface. This should include the external attack surface. For example, even government cloud assets can expose terabytes of email if not properly evaluated and protected.
● Automation to determine asset context and business value. This requires attributing assets to appropriate business units within the organization and categorizing them by type. This allows us to measure their value and the consequences if compromised.
● Vulnerability prioritization. Simply accepting the list of critical vulnerabilities that pops out of your security toolset can tie up your team and lead you to chase the wrong critical vulnerabilities. Accurate prioritization depends on knowing the context and ownership of assets and their exploitability. For example, if one password is stolen, can a customer’s personal information be stolen?
● An environment that enables cyber hygiene. This includes a Zero Trust architecture, effective strategies for rapid remediation, and engaging and motivating employee training.

Cybersecurity hygiene reinforces other basic security measures. Working together, these measures let most companies block most cyberattacks. It’s about getting back to basics and prioritizing the vulnerabilities that need fixing.

Let’s dig into the use of automation. It has a dual role here. It handles the daunting drudgery of cybersecurity hygiene and the other processes discussed above, and it is essential in classifying, attributing, and assigning value to IT assets using heuristics and natural language processing.
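The prioritization and attribution steps described above can be sketched in a few lines. This is an added example, not code from the article or from any product: the keyword heuristics, ownership map, weights and findings are all constructed for illustration.

```python
from dataclasses import dataclass

# Assumed heuristics: keyword -> (asset type, business value 1-5).
VALUE_HINTS = [("customer", "customer-data", 5),
               ("payroll", "hr-data", 4),
               ("maint", "ops-logs", 1)]
# Assumed ownership map: hostname prefix -> business unit.
OWNERS = {"crm": "Sales", "hr": "People Ops", "wh": "Warehouse"}

@dataclass
class Finding:
    asset: str               # hostname from the inventory
    description: str         # free-text inventory description
    cvss: float              # scanner severity, 0-10
    internet_facing: bool    # part of the external attack surface
    exploit_available: bool  # known working exploit

def attribute(f):
    """Heuristically assign owner, asset type and business value."""
    owner = OWNERS.get(f.asset.split("-")[0])  # None = unattributed asset
    text = f"{f.asset} {f.description}".lower()
    for keyword, kind, value in VALUE_HINTS:
        if keyword in text:
            return owner, kind, value
    return owner, "unknown", 3  # unknown assets get a middle value, never zero

def risk_score(f):
    """Scanner severity weighted by consequence, exposure and exploitability."""
    owner, _, value = attribute(f)
    score = f.cvss * value
    score *= 1.5 if f.internet_facing else 1.0
    score *= 1.5 if f.exploit_available else 0.5
    score *= 1.25 if owner is None else 1.0  # nobody is accountable for the fix
    return round(score, 2)

def prioritize(findings):
    return sorted(findings, key=risk_score, reverse=True)

# Constructed sample findings.
FINDINGS = [
    Finding("wh-log01", "old warehouse maintenance logs", 9.8, False, False),
    Finding("crm-db02", "customer database", 7.0, True, True),
    Finding("hr-app03", "payroll portal", 8.1, False, True),
    Finding("test-vm09", "unlabelled server", 9.1, True, False),
]

if __name__ == "__main__":
    for f in prioritize(FINDINGS):
        print(f"{risk_score(f):7.2f}  {f.asset:10} owner={attribute(f)[0]}")
```

The scanner's highest-severity finding (9.8 on the warehouse logs) ends up last, while the exposed customer database with a lower score leads the queue, and the unattributed server is surfaced rather than ignored.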

What about exploitable vulnerabilities and attacks that actually succeed?

Cybercrime, counting successful attacks and their consequences, would collectively be the third largest economy in the world after the US and China. Businesses need to efficiently remediate significant exploitable risks. Hygiene reduces exploitability by reducing unauthorized access, which is a great help.

But what happens when an attack breaks through? Rapid detection and remediation with a well-executed response plan shortens MTTR, contains the blast radius of a successful attack, and limits damage.

If you look at your own attack surface from a hacker’s perspective, you can understand that an attacker who buys stolen credentials can go undetected if you don’t have proper cybersecurity measures in place across your organization. Zero trust principles can provide significant protection, but something as simple as frequent password rotation can render stolen credentials useless to an attacker.

Attackers continue to look for unpatched firmware, easily cracked passwords, and misconfigured security controls. The bottom line: Effective security hygiene is non-negotiable, with complete visibility and risk prioritization based on real-world conditions.

Know your attack surface and stay vigilant. This allows any organization to deny attackers the easiest path and protect its assets, customers, and reputation.


