4 Common enterprise cyber security risks & how to thwart them
There are four cyber security risks that every enterprise should be aware of. Namely, they need to ensure employees are using strong passwords, minimize the number of inactive accounts, devices and software, avoid using software that’s passed End of Support, and shore up their approach to firewalls and antivirus. Keep reading to examine each risk in more detail.
1. Password security
While password security might seem like a basic concept, it is fundamental in protecting networks from unauthorized access. For example, according to the 2021 Data Breach Investigations Report, stolen credentials can be linked back to 81 percent of breaches. As on-premises and remote users often need logins to use basic business software, password security is essential to smooth business operations.
To mitigate this risk, organizations need to establish and enforce strong password policies. The password policy should require:
- Unique password for each application
- A minimum of 10-14 characters, including uppercase letters, lowercase letters, numbers, and special characters
- Regular password changing
As a way to help enforce the password policy, organizations might want to consider providing users with a password management tool.
Additionally, enforcing multi-factor authentication (MFA) can also enhance password security. MFA requires users to incorporate at least two of the following authentication methods:
- Something they know (a password)
- Something they are (a biometric like fingerprint or face ID)
- Something they have (a smartphone or token)
MFA makes it more difficult for threat actors to gain access to a network because the biometrics and objects are unique to the user, preventing remote threat actors from accessing the account.
Inactive accounts are accounts for users who are either away from work for an extended period of time, or those who have left the organization but their account has not been deleted. Keeping track of these accounts and removing them when no longer necessary will reduce the attack surface against your organization.
2. Inactive devices and software
With remote access now driving business operations, devices, and applications that use the network become access points that threat actors can manipulate during attacks. Inactive devices, software, and user accounts are often unmonitored, meaning that threat actors can use them without being detected.
For example, when a leading credit rating agency experienced a data breach, threat actors used a device that had been inactive for nineteen months. When the company updated the security certificate, they noticed abnormal traffic, indicating a compromise.
To mitigate the risk that threat actors will use a “zombie” device, account, or software, organizations should:
- Identify all devices connecting to the network
- Identify all users connecting to the network
- Identify all software transmitting and receiving data across the network
- Disable any inactive devices, software licenses, or user accounts
Many organizations use a network scanner to detect devices and software accessing the network. Additionally, reviewing user accounts for workforce members who recently terminated their employment is another way to limit network access risks.
3. End of life or end of support software
Another primary network security vulnerability comes from old and outdated software. When software companies no longer provide support, it means that they no longer supply security updates. In other words, if security researchers or threat actors find a new vulnerability in old software, the company no longer releases a security patch to mitigate risk.
To mitigate the risk that threat actors will leverage known vulnerabilities in End of Life (EoL) or End of Support (EoS) software, organizations should:
- Regularly install security updates
- Remain aware of software vendor EoL/EoS notifications
- Detect and review all software instances and provide a risk assessment
4. Poor firewall & antimalware practices
Firewall configurations can be both a security control and a weakness. Appropriately, configured firewalls only allow approved connections to an organization’s network. Organizations usually use allow and deny rules which approve trusted IP addresses and deny all others. Since every device or source has its own IP address, firewall rules and configurations mitigate risk by denying access to unknown devices or sources.
Misconfigured firewalls, however, can let in unknown devices or sources. For example, one US city experienced a data breach because threat actors were able to scan the network for firewall misconfigurations that allowed them to deliver ransomware using an unknown, untrusted device. To mitigate this network risk, organizations should look for solutions like:
- Endpoint Detection and Response (EDR): Improve visibility by detecting all devices connected to the network and recording their activity.
- Extended Detection and Response (XDR): XDR goes beyond EDR and applies integrated analytics, machine learning, and threat intelligence across security data like endpoints, email inboxes, server workloads, and network security layers for advanced threat detection and response.
While EDR offers a starting point, XDR is ultimately a more robust approach to mitigating endpoint security risks. However, many organizations struggle to manage these solutions on their own.
Managed Detection and Response (MDR) offers a service solution that small and mid-sized organizations can use to enhance their security posture. With MDR, organizations can gain the benefits of XDR while outsourcing the services to reduce the burden placed on internal teams. MDR services incorporate the following:
- Email security: Reduce phishing risk by gaining visibility into potentially compromised endpoints.
- EDR: Leverage telemetry and activity data to detect suspicious behavior while leveraging context.
- Network security: Gain visibility into unmanaged devices, legacy technologies, Internet of Things (IoT) devices, and Industrial IoT (IIoT) devices to detect activity using network analysis tools. Network Intrusion Prevention tools will automatically block malicious traffic, thereby stopping an attack in its tracks.
- Cloud/Server workloads: Detect and contain risks early on in the attack lifecycle with visibility into a potential lateral movement across systems.