A vulnerability is a flaw in software code that attackers can use to gain direct access to an IT system. An exposure is an incident in which a previously detected weakness has been exploited by an unauthorized actor on the network.
Recent research suggests that only 2% of all exposures give attackers seamless access to critical assets, while 75% of exposure incidents along attack paths lead to "dead ends," preventing cybercriminals from reaching sensitive information. Another key insight provided by this study is that 71% of organizations have exposed local networks that put their critical Cloud assets at risk. This means that once a hacker gains access to the local network, 92% of these critical assets become vulnerable.
3 Key exposures that are often overlooked
In addition to exploiting vulnerabilities, cybercriminals take advantage of combined exposures to launch stealth attacks on an organization’s infrastructure and steal its critical data.
The local network environment: As attention has shifted to the Cloud, many businesses are overlooking the importance of investing in building effective and agile controls on local networks. This has placed critical assets at risk, even if they are in the Cloud.
Privileged access to identities: user accounts, roles and Cloud services continue to be granted more permissions than they need because this makes them easier to manage, but it also allows cybercriminals to extend their attack routes once they break through the first layer of defense. This is why zero trust, which enforces restricted access, is seen as the go-to strategy by many CIOs. However, the perception that it adds friction to the user's daily workload sometimes dissuades businesses from applying this approach. A balance must be struck, because operating on the principle that every user is a privileged user also enables successful attacks. Accounts with limited permissions significantly reduce an attacker's ability to cause damage or steal valuable information.
Misconfigurations: misconfigured security controls are still common, and cybercriminals take advantage of this mistake. In an advisory, CISA notes that malicious actors use scanning tools to detect open ports and often use them as an initial attack vector. It also states that they frequently use the following services to access networks: RDP, Server Message Block (SMB), Telnet and NetBIOS.
How to prevent exposed access to critical assets?
Today, security teams are often inundated with too many benign and unrelated vulnerability alerts. Given this heavy workload, organizations must focus on identifying areas where exposure converges into an attack path.
With limited staffing, these teams need help prioritizing which patches to apply based on the severity score from the Common Vulnerability Scoring System (CVSS) to avoid alert fatigue. Deploying a patch management tool like WatchGuard's addresses this problem, as it simplifies vulnerability management and allows patch installations to be scheduled according to their criticality, taking the pressure off teams to keep every software release constantly up to date.
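The prioritization idea above (CVSS severity weighed against whether a host is exposed and sits on an attack path to a critical asset) as an added, self-contained example; it is not WatchGuard's scoring model, and the hosts, CVE placeholders, port numbers and weights are constructed assumptions for illustration only.

```python
"""Rank patch work by combining CVSS severity with exposure context (added example)."""
from __future__ import annotations
from dataclasses import dataclass

# Services the CISA advisory cited above lists as frequent initial access vectors.
# Assumption: their default TCP ports are what the inventory reports as open.
RISKY_SERVICES = {3389: "RDP", 445: "SMB", 23: "Telnet", 139: "NetBIOS"}


def cvss_band(score: float) -> str:
    """Map a CVSS v3 base score to its qualitative severity rating."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


@dataclass
class Host:
    name: str
    open_ports: set[int]
    reaches_critical_asset: bool  # True if an attack path from here ends at a critical asset


@dataclass
class Finding:
    cve: str  # placeholder identifier, not a real CVE
    host: Host
    cvss: float


def exposure_factor(host: Host) -> tuple[float, list[str]]:
    """Constructed weighting: +0.5 per exposed remote-access service, +1.0 if on an attack path."""
    exposed = [RISKY_SERVICES[p] for p in sorted(host.open_ports) if p in RISKY_SERVICES]
    factor = 1.0 + 0.5 * len(exposed) + (1.0 if host.reaches_critical_asset else 0.0)
    return factor, exposed


def priority(finding: Finding) -> float:
    """Exposure-weighted score; a dead-end host keeps its bare CVSS score."""
    return round(finding.cvss * exposure_factor(finding.host)[0], 1)


def prioritize(findings: list[Finding]) -> list[Finding]:
    return sorted(findings, key=priority, reverse=True)


def sample_findings() -> list[Finding]:
    """Constructed inventory: a medium CVSS on an exposed jump host along an attack path
    should outrank a critical CVSS on an isolated dead-end host."""
    jump = Host("jump-host", {3389, 445}, reaches_critical_asset=True)
    dev = Host("dev-box", {22}, reaches_critical_asset=False)
    files = Host("file-server", {445}, reaches_critical_asset=False)
    return [Finding("CVE-PLACEHOLDER-2", dev, 9.8),
            Finding("CVE-PLACEHOLDER-3", files, 7.4),
            Finding("CVE-PLACEHOLDER-1", jump, 6.5)]


if __name__ == "__main__":
    for f in prioritize(sample_findings()):
        print(f"{priority(f):5.1f}  {f.cve}  {f.host.name}  CVSS {f.cvss} ({cvss_band(f.cvss)})")
```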
There is another way to ensure that exposures don’t pose a hazard to an organization's security that complements traditional patch management: behavioral threat hunting. This is the proactive search for signs of post-exploit activity focused on adversary behaviors that indicate an active threat. This helps prioritize and balance the need to apply patches, enabling organizations to manage their resources efficiently to stay one step ahead of potential threats.
Adopting this approach is easier if you deploy XDR technology, which correlates telemetry from different solutions to provide the context needed to stop a threat before it becomes a cybersecurity incident.