Security Landscape Today
Identify and enforce foundational security best practices.
It was great hearing what Derek Melber, Chief Technology Evangelist at ManageEngine, is seeing as he visits companies around the world. We are being breached. We see security fails everywhere. We all need to think about the fundamentals of security.
Year after year, security guidance repeats the same best practices and reports the amount of money lost with each breach and the number of records compromised. However, the guidance is worthless as the problem continues to grow.
Microsoft embeds PowerShell into every endpoint while hackers are able to use Mimikatz to exploit. The internet helps hackers use PowerShell in an attack. All attacks begin and end with endpoints; as such, you need to secure all your endpoints.
Now there is a full suite of PowerShell “hacker” tools: PowerSploit, Invoke-Mimikatz, PowerView, and PowerUp. RSA 2016 had a presentation on Weaponizing PowerShell. It’s free and incredibly easy. Microsoft launched advances in scripting security and protection in Windows 10 and PowerShell V5. Then a Windows flaw was exploited to deliver a PowerShell backdoor (April 15, 2019). You need to secure PowerShell as well.
The cloud is nothing more than an extension of your on-prem environment. In August 2018, Microsoft blocked 1.29 billion authentications to Azure.
Are Our Security Efforts Bearing Fruit?
Spending on cybersecurity in the U.S. went from $27.4 billion in 2010 to $66 billion in 2018, a 241% increase. Breaches went from 662 in 2010 to 1,579 in 2017, a 239% increase. The number of records exposed exploded from 16.2 million in 2010 to 446.52 million in 2018, a 2,756% increase. It appears the hackers' efforts are bearing a lot more fruit than our security efforts.
7 Common Reasons Companies Get Hacked
Derek shared seven reasons why companies get hacked: 1) failure to check code before it’s deployed; 2) leaving source code exposed; 3) failure to change default passwords; 4) poor patching practices; 5) human error; 6) poor exfiltration control; 7) failure to recognize infiltration. Marriott took four years before they realized they were breached, and they’re not alone.
Hackers always take the path of least resistance. If you wait a day to install a patch, trust that hackers will look for that opportunity.
Consumers and employees are the same in that free trumps security, and free downloads are likely not secure. Users then share them with others, spreading the viruses. 75 to 80% of the top free apps were breached while 97% of top paid apps were breached. 70% of attacks now target office vulnerabilities because of the adoption of Office 365.
How Do We Address the Problem?
Secure passwords. Don’t rely on weak and stale Microsoft password policy options. Move to multi-factor authentication (MFA) where possible.
Secure privileged access. Document and secure privileged groups. Maintain privileged group member lists.
Secure endpoints. Reduce privilege for users on workstations and servers.
Be notified when there's an anomaly. When a change occurs, get a notification.
Track insider attacks. Use user behavior analytics.
Secure environments from the ground up.
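The following PowerShell is an added example, not code from Derek's talk or from ManageEngine. It shows one way to keep a documented privileged-group member list and flag any change against it. The function name Compare-PrivilegedGroupMembership and all group and account names are constructed for illustration.

```powershell
# Added example. Group and account names are constructed sample data.
function Compare-PrivilegedGroupMembership {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [hashtable] $Baseline,  # group -> documented members
        [Parameter(Mandatory)] [hashtable] $Current    # group -> members observed now
    )
    # Union of group names, so a group present on only one side is still checked.
    $groups = @(@($Baseline.Keys) + @($Current.Keys) | Sort-Object -Unique)
    foreach ($group in $groups) {
        $documented = $Baseline.ContainsKey($group)
        # A missing key must become an empty list, not a list holding $null.
        $approved = @(if ($documented) { $Baseline[$group] })
        $observed = @(if ($Current.ContainsKey($group)) { $Current[$group] })

        # -notin compares strings case-insensitively, as AD account names do.
        $added   = @($observed | Where-Object { $_ -notin $approved })
        $removed = @($approved | Where-Object { $_ -notin $observed })

        foreach ($member in $added) {
            [pscustomobject]@{ Group = $group; Member = $member; Change = 'Added'; GroupDocumented = $documented }
        }
        foreach ($member in $removed) {
            [pscustomobject]@{ Group = $group; Member = $member; Change = 'Removed'; GroupDocumented = $documented }
        }
    }
}

# Documented (approved) member list, kept under change control.
$baseline = @{
    'Domain Admins'     = @('adm-alice', 'adm-bob')
    'Enterprise Admins' = @('adm-alice')
}
# Constructed snapshot. On a domain-joined host this would be built from
# Get-ADGroupMember -Identity <group> -Recursive (ActiveDirectory module).
$current = @{
    'Domain Admins'     = @('adm-alice', 'ADM-BOB', 'svc-backup')
    'Enterprise Admins' = @()
    'Schema Admins'     = @('adm-carol')
}

$drift = @(Compare-PrivilegedGroupMembership -Baseline $baseline -Current $current)
$drift | Sort-Object Group, Change | Format-Table -AutoSize
if ($drift.Count -gt 0) {
    # Hand-off point for whatever notification channel the site uses.
    Write-Warning "$($drift.Count) privileged group membership change(s) differ from the documented list."
}
```

A group that appears in the snapshot but not in the documented list is reported with GroupDocumented set to False, so an undocumented privileged group surfaces alongside member changes.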
We’re being attacked at our foundation and we need to go back and identify and enforce foundational security best practices.