Contributed ArticleMajor cybersecurity attacks and their impacts are being reported daily by global media. However, many of these attacks, are often a consequence of a series of operational lapses and oversights at the targeted enterprise.
Innovation and security practices
The vision and strength of a business will drive its innovation forward, whilst its baseline of investing and building security practices will help to protect the organisation as it moves forward. However, most organisations struggle to balance these two worlds. Or in other words, struggle to effectively balance innovative business operations with security safeguards needed to protect them.
A typical forward-looking discovery process would be the classification of an organisation’s crown jewels, foot printing their visibility, and further identifying the surface and landscape through which they are the most vulnerable to internal and external attacks.
Crown jewels, data, and assets
Moving forward, innovative business practices are generally always built around the core competence of an organisation, typically referred to as the crown jewels of an organisation. It is therefore vital to identify these crown jewels in terms of tangible assets and information that matter the most to the business and its customers so that they can be protected and safeguarded.
Business practices are generally always built around the core competence of an organisation, typically referred to as the crown jewels of an organisation
These are identified and pinpointed by involving business heads to validate the assets and data that matter, the operational processes that create this data and embody the assets, and acceptable levels of business risk around these data and assets. They are also the assets that are most critical for the accomplishment of an organisation’s mission. Once these assets and data are identified, knowing their significance for the business, they will be of value to an attacker, and if compromised will have a business impact.
Digital footprints
Further to the identification of the crown jewels’ assets and data, the next step is to give them digital footprints. The process of creating digital footprints consolidates all assets, internal and external, known and unknown, into a manageable mapped inventory. Since they have been mapped, their security vulnerabilities are exposed and therefore profiles can be built on the basis of relevance, context, and capability.
Digital footprints find areas such as expired domain names, expired SSL certificates, forgotten cloud servers or buckets, demo web services left running, exposed services, and ports. A digital footprint gives visibility beyond the network boundary into areas that may create data loss. This process consolidates Internet-exposed assets, both known and unknown, into a manageable inventory.
Attack surface, the threat landscape
Amongst the suggested measures to reduce the attack surface are to limit the amount of code running; cut down entry points for untrusted users; shut down services requested by only a few users; eliminate services identified that may not be required. However, reducing the attack surface does not lower the amount of damage an attacker can inflict if a vulnerability is found.
A digital footprint gives visibility beyond the network boundary into areas that may create data loss
The threat landscape is an assessment of risks and exposure based on a specific organisation and industry. It is meant to be less technical and to support high-level decision-makers through reports and briefings. The strategic intelligence should provide patterns in threat actor tactics and targets, and geopolitical events and trends.
The vision of a business will drive its innovation, whilst its baseline of security practices will help to protect the organisation as it moves forward.
