In conversation with Vijendra Katiyar, Country Manager, India and SAARC, Trend Micro, BW Businessworld takes a deep dive into the growing attack surface in cyberspace and explores how attack surface visibility is key to addressing vulnerabilities. Read on for excerpts from the interview.
Why are organizations failing to protect themselves today, when they know the dangers of a growing attack surface?
If you look at incidents related to the supply chain that have happened recently, especially in the last few years, like SolarWinds, what is really happening is that organizations are embracing digitalization. Today, we use different platforms and services and integrate several supply chain providers, service providers and shadow IT. It’s the new way business is done. But the visibility of this expanding digital surface is limited. As we interact or open APIs to do business and integrate with multiple different service providers, the attack surface continues to expand, creating a problem.
To give you an example, I was talking to a CISO recently and he told me that he didn’t even know there was a team that did product marketing and that they had created a microsite in the cloud. If this microsite is vulnerable, who is responsible? Of course, the IT and security team is responsible for this because it is part of the digital surface of the organization. This is where it becomes very difficult: we are seeing an expansion of the digital surface and, therefore, an expansion of the attack surface.
As the attack surface continues to expand, how do you deal with cyber risks?
The most important thing is that you need to have visibility into your external attack surface. Following recent supply chain disruptions, in the security operations hype cycle Gartner has introduced the term EASM (External Attack Surface Management), which essentially means continuously monitoring your actual surfaces, whether your IP address, your URL, your domain name or whatever else faces the outside or the public. You need to watch it constantly. So there should be some mechanism or tool in place with which you are able to find that out. It should be an ongoing process. You continue to watch, to understand, to watch the new surface. Once you have visibility, you can continue to deal with any new vulnerabilities it brings or new risks that are introduced. So if you have a good process for doing this, you will be able to solve many problems.
How can organizations contain the growing attack surface and improve the visibility issues associated with it?
When you talk about mitigation or attack surface management, it can be a very similar approach. You have to look very clearly at two things. One looks at everything that happens on the external attack surface, and the other looks at the internal attack surface.
You need to assess the risks associated with users. Are these users genuine or not? What is their location? Importantly, with the remote workforce, where are people logging in from – different locations? Do the devices they use comply with company policy? Are they patched, or are they using an unauthorized application? Based on this, you arrive at a risk score.
That’s what we do at Trend Micro. We arrive at a cyber asset risk score. At any time, if we know that the risk score is below a certain threshold, we introduce a Zero Trust policy, where we stop access for that specific user or application because the risk score is low. If the user carries some risk, that user is vulnerable. Therefore, we do not want this user to access the network. If you have new users, devices or apps, you should continue to monitor them as well. The other thing we touch on is the external attack surface, which is pretty much the same. You must have continuous visibility into what is happening on the external attack surface. Organizations need to look at the multiple departments, businesses and digital platforms they operate.
You don’t want to have shadow IT, where people are doing their own thing. This is something that organizations should avoid.
How can organizations deal with the threat of ransomware? Is there anything in particular they should do?
There is no silver bullet as ransomware has evolved. As an organization, the most important thing you should do is be proactive. This means that at all times you need to know what is going on within your organization. Again, it comes down to the same thought process of having clear visibility. SecOps (security operations) is becoming very important.
I have often seen quarterly audits and quarterly checks happen in organizations. But that is not enough. You must have an ongoing vulnerability management program. One very interesting thing we do at Trend Micro is to prioritize vulnerabilities. Now, there are so many vulnerabilities in the wild, globally, that it becomes difficult to understand which one should be an organization’s number one priority. What you need to do in such a scenario is look at the universe that is relevant to your industry. This should be priority number one – you don’t need to look at what’s going on in 10 other organizations. So that’s what we help customers do at Trend Micro. Once you are able to prioritize the vulnerabilities, you can mitigate them, apply virtual patches and remediate them in multiple ways.