Cybersecurity Threats or Vulnerabilities
Cybersecurity: Vulnerability vs Threat vs Risk
Cybersecurity: Vulnerability vs Threat video is powered by Steven Hazard.
Small Business Cyber Security
Small Business Cyber Security: Threats or Vulnerabilities?
Learning with Experts: David Seidman
We are your Melbourne Cyber Security Specialists.
Cyber security for small businesses. Should We Focus on Vulnerabilities or Threats?
Threats are more important.
5 years ago, I and most others would have said vulnerabilities. But in recent years, it has become clear that vulnerabilities are only a single part of the “cyber kill chain”, and often not the most important part. Although the kill chain model has been criticized for oversimplification, it provides valuable insights in this case.
Specifically, the kill chain lays out a number of steps an attacker must take to achieve their objective, and vulnerabilities are only relevant to a single one of these steps (exploitation). Furthermore, when most people say “vulnerabilities”, they mean 0-days, but the majority of attacks do not use 0-days. Instead, they use phishing (first choice) or exploits against patched vulnerabilities (second best). Furthermore, detecting 0-days is very hard, because by their nature they are unknown, and attackers generally test them against the victim’s known software configuration to ensure success without detection. Detecting attacks against patched vulnerabilities is also somewhat difficult since by definition an unpatched machine is not being properly maintained. Furthermore, even an attacker who is detected can come back later with a different attack, trying again and again until they succeed without detection. We tried for something like 15 years to defeat exploits by fixing vulnerabilities and developing mitigation technologies such as stack cookies and ASLR, and while these technologies have unquestionably raised the bar for and cost of exploitation, they have fundamentally failed to stop attackers from finding and exploiting vulnerabilities. The same is true of the broader spectrum of non-technical vulnerabilities such as social engineering and password reuse – we have known these things are problems for 20+ years, and yet we have been unable to close the vulnerability completely.
On the other hand, once an attacker has established a foothold in the defender’s network, the balance of power shifts in the defender’s favor. Now the attacker must remain hidden while the defender can catch them at any moment. Any action the attacker takes may tip off the victim, and even if the attacker is silent, new information provided by third parties or new detection techniques implemented by the victim organization may identify the attacker. Once the victim identifies the attacker, they can use logs to trace the threads of the attacker’s activity, identify the extent of their penetration, and remove them from the network. For this reason, modern cybersecurity organizations place a large emphasis on threat intelligence about the adversaries who are likely to attack their organizations, and use that intelligence to prevent and detect the attacks they are likely to face at all stages of the kill chain. Smart organizations now “assume breach” and spread their focus beyond vulnerabilities to other aspects of the attacker’s operation, such as lateral movement, persistence, data access, and exfiltration. John Lambert’s article on “list thinking vs. graph thinking” is very insightful on this topic.
This represents a change from 5 years ago when preventing the attacker from accessing the corporate network was the primary emphasis. This is now sometimes referred to as “M&M security” – hard on the outside but with a soft gooey inside. This shift is exemplified by Google’s BeyondCorp model, in which connecting via the corporate network confers no special privileges.
To summarize: in modern cybersecurity, threats are more important than vulnerabilities because they are easier to identify and do something about.
Melbourne Cybersecurity Specialists
Providing a secure system is critical to protect your business from cybercrime and to build and maintain customer trust in your business. Free first cyber security consultations. Call your Melbourne Cyber Security Specialists, Your IT and Tech Mates.
Reference: David Seidman (Sr Director of Detection at salesforce.com). “What is more important for cybersecurity professionals to focus on, threats or vulnerabilities?” originally appeared on Quora, the place to gain and share knowledge, empowering people to learn from others and better understand the world.
Your IT and Tech Mates: Your Tech Rescue Team.