This week of Cybersecurity Awareness Month is focused on “Explore. Experience. Share.” As cyber criminals develop new attack vectors, launch zero-day threats, and find new weaknesses, the most powerful defense against them will be finding ways to get ahead of them (explore), deploying new methods of remediating vulnerabilities (experience), and enabling this knowledge to be used widely and effectively (share). These can all be force multipliers at a time when the lack of cyber security personnel and the limited time to contain the damage of a cyber attack are requiring new approaches.
Exploring is critical to finding vulnerabilities before they can be exploited by cyber criminals. The use of discovery tools (such as Armis, Forescout, Claroty, Ordr, and others) is a perfect starting point to understand what assets you have on your network, and which ones have existing vulnerabilities. Many organizations are surprised to find devices they didn’t know existed, network traffic that was unexpected, and usage patterns that are abnormal – exactly the goal of exploring. It may end up being that a third shift security guard accidentally “punched through” a segmented network to reach the internet in order to watch Netflix, or it could be a rogue device under the command and control of a black hat hacker getting updated malware to deploy. Only by exploring and analyzing can you determine if a threat exists.
Experience is taking actions and learning from them in order to craft better defenses. Almost every organization considering new solutions at scale will first go through a proof of concept or trial of the solution in order to gain experience with it, and from that determine next steps. A good example is automated firmware updating on IoT devices; without trying it, you may assume that manual methods that are time and labor intensive are your only option (despite all but a few organizations being resourced to stay on top of IoT patches). Building on experience in one area can also help to quickly shrink the attack surface. Viakoo has seen that with deploying certificates (802.1X or TLS) on IoT devices; many organizations have experience in certificates for traditional IT systems, which can be built upon to accelerate using certificates on IoT (the fastest growing attack surface).
Sharing is the cornerstone of a professional community, and our best defense against cyber attacks. Few exploits are used just once against one target, and more than ever there are processes for sharing critical vulnerabilities and how attacks are being performed. More is needed, especially on solutions to remediate vulnerabilities. As many security teams have limited resources, that limits how many and how often such trials can be performed. If your organization is doing evaluations of new solutions, consider publishing or presenting results to a wider audience, either internally or externally in venues like conferences and webinars. Likewise, look out for demos, tutorials, and experience sharing from other companies if resources are limited.
Keeping a focus on innovation requires following a process that involves exploring, experience, and sharing. It’s urgent to embrace this approach, given the rapidly expanding attack surface and the need to be as innovative as cyber criminals in looking for ways to stop new breach vectors. As Einstein said, the important thing is to not stop questioning – so stay curious this month and throughout the year! Viakoo is here to help you with that journey – whether by discussion, demonstration, or sharing examples of proven methods to defend the IoT attack surface.