The cybersecurity landscape is constantly changing. More advanced adversaries are emerging with different motivations -- from monetary to political. Now more than ever, it's important for CISOs to closely examine their endpoints across their organization and assess how robust their defenses truly are.
As part of Cybersecurity Awareness Month, we sat down with Melissa Bischoping, Director of Endpoint Security Research, at Tanium, to discuss endpoint security and what organizations can do to implement effective endpoint hardening strategies.
What are some ways the threat landscape is changing?
In the past year, the cyber threat landscape has changed dramatically. For one, we’re seeing the emergence of new destructive malware such as the disk-wiping malware HermeticWiper and widespread DDoS attacks and web defacements. These attacks have increased since the Russian invasion of Ukraine, as cybercriminals and nation-state actors look to sow discord and disrupt communications within Ukraine’s government and allied nations. The geopolitical conflict since the invasion has also resulted in a spillover of cyber activity affecting US targets. CISA has rung the alarm plenty of times for organizations to harden their cyber defenses, particularly those managing and providing critical infrastructure. Global conflict is no longer siloed to specific regions. The world continues to become more interconnected and digital, and cyber activity knows no boundaries. This is forcing organizations thousands of miles away to protect their networks and endpoints even if they aren’t in the direct line of fire.
Another interesting way the threat landscape is changing is the increase of hacktivism, which although holds good intentions, has also been seen to escalate tensions. An example of this is Conti where a hacktivist got access to its source code and leaked it online in response to Conti’s public pledge to back Russia in the conflict.
What does the future of Risk Management look like?
Risk is, at its core, a relationship between vulnerability, threat and criticality. It’s not enough that organizations prioritize vulnerabilities based on uniform risk scores. IT security teams need to see which risks are most pertinent to their organizations, and which ones will have the biggest impact on important stakeholders. The key is to map everything back to vulnerability, threat and an understanding of how important a given asset is. Risk changes every second as the cyber threat landscape continues to evolve. For every emerging threat actor, every zero-day vulnerability seen in the wild, and every laptop that logs on, risk has changed. The security industry has an antiquated view of risk as a snapshot in time, but that simply will not work in a technology landscape that shifts so frequently. The goal of understanding risk is to provide actionable insight for mitigation and remediation, rather than just pointing out where risk is.
What specific risks are businesses facing with the increased attack surface?
One risk businesses are facing with greater frequency is malware that “trickles down,” allowing cybercriminals to modify and repurpose it as they see fit. This creates greater urgency for businesses to implement anti-malware and attack surface reduction rules on Windows systems. Teams need to be hyper-vigilant about the exposure of their attack surfaces. Businesses are also facing an increase in multi-prong cyberattacks, such as ransomware attacks, combined with influence campaigns, DDoS, destructive malware and false flag ops. Of course, as geopolitical conflict continues, organizations need to be on the lookout for influence campaigns and attempts by state-sponsored actors to target the lines of communication depended upon by the public for reliable reporting.
Why is endpoint hardening critical in this current landscape?
A key component of an organization’s risk management plan is to implement reliable endpoint security that offers visibility into all endpoints and attack surfaces. The best time to have asset management was yesterday, and the second-best time is today. Although many cybercriminals are likely focused on targeting systems in countries engaged in active military conflict, researchers and threat intelligence specialists have warned that there will be a likely uptick in cybercrime behavior stemming from the conflict. It is critical that IT security teams leverage this time to patch any gaps within operating systems and third-party tools, as well as fine tune policy to reduce their attack surface.
What can organizations do to implement endpoint hardening?
First and foremost, organizations need to prioritize reducing coverage and visibility gaps, remediating patch failures, and updating third-party software. As we touched upon earlier, the constantly shifting threat landscape does not allow much wiggle room for endpoints that are 30, 60, or 90 days out of compliance. You should take this opportunity to bring all systems up to speed on their operating system patches and third-party software, including servers and workstations. Organizations should also stay abreast of all CISA recommendations and notifications, as they have been requesting businesses to report any signs of an attack to their office. In the immediate future, security and IT Ops teams need to ensure incident response plans are in place and supported by specific tooling, along with deploying patch management solutions and remediating patch failures. What you do today is absolutely essential in setting a secure foundation for incident response capabilities in the future, and endpoint hardening is a key piece of your risk management strategy!