Beyond vulnerability scanning: Enhancing attack surface management for more proactive security

June 29, 2022

Insights from Verizon’s 2022 Data Breach Investigations Report

By: Keegan Henckel-Miller


In recent years, the cybersecurity threat landscape has ballooned in both size and complexity. The security community must now combat escalations in the number and diversity of threats as attackers leverage more advanced capabilities.

Verizon recently released their 2022 Data Breach Investigations Report, the 15th annual DBIR. Below are our key takeaways from the report, with analysis and recommendations.

3/4 of cases yielded evidence that pointed outside of the victim organization

Verizon’s findings indicate that a data breach is far more likely to result from external attacks than from any other source. These external attacks include credential stuffing, phishing, exploiting vulnerabilities, and other tactics. Stopping attackers before they are able to gain a foothold in the network is a core capability of any security team.

This finding highlights the need to prioritize your external attack surface in your security plan. Although no system can be made fully secure, those with true visibility of their external attack surface will do a vastly better job mitigating risk than those who lack this insight.

Pen tests and vulnerability management programs are a start; however, they are often limited in scope and only take place periodically. They are merely a snapshot of a moment, and attackers can easily maneuver outside of that moment. Adding EASM covers more bases, and an external attack surface management solution should be continuous and automated to be fully effective.

Ransomware grew 13% this year and is now present in almost 70% of malware breaches

This report shows that ransomware continues its upward trend. Ransomware is a big business and many groups continue to be quite successful exploiting large companies and locking down their systems.

While insurance can help offset the financial cost of a ransomware attack, recouping damages does nothing to protect users or IP. Attackers may still be able to hold or sell the valuable information they collected.

According to the findings in this report, the problem has gotten worse. This year alone, ransomware attacks rose by 13%. This increase is as large as the last five years combined (for a total of 25% growth over that time).

Ransomware is no different from any other malware — the best way to fight it is to avoid initial compromise. Once you receive a demand for a payout, it’s already too late. The most effective way to get ahead of a ransomware attack is to have a resilient enough network to keep attackers away from your crown jewels to begin with. By monitoring your external attack surface, you can identify the holes in your network that attackers are most likely to exploit. When you have a reliable means of prioritizing your targets, you can focus your team’s efforts where they will matter most.

82% of data breaches occurred, in part, due to human error

Security teams are overworked, outmanned, and outgunned. Attackers are more capable and numerous than ever before, and the security community needs more experienced experts. With a dearth of time and resources, it’s easy for vulnerabilities to fall through the cracks. When this happens, attackers can easily infiltrate a system and look for ways to move laterally.

Moreover, this illuminates a problem with the way security programs are set up and tested. Penetration tests and other common methods of security testing mostly focus on the technology rather than the people and the process. For example, even a perfectly secure system with zero technical vulnerabilities is still susceptible to phishing attacks. In this case, the person who ends up clicking the malicious link would be the vulnerability. This exposes the fact that security programs must take a holistic approach when preparing for attacks.

Randori Attack is a continuous, automated red team experience. Our platform leverages expertise from some of the world’s best hacking talent to continuously attack and improve a company’s network in real time. With a proper red teaming solution, security teams can ensure that they prepare their personnel for how to respond during a real world attack.

How Randori Can Help

For the past couple of years, the rate and ferocity of attacks have increased, and the stats have painted a gloomy picture for defenders. But the existential battle of cybersecurity is far from lost. The philosophies on which security programs are designed are simply lagging behind the modern threat landscape.

Our name, Randori, is a jiu jitsu term, meaning “practice how you fight.” This is the fundamental concept upon which our platform was conceived and built: security teams cannot wait until a data breach occurs to see how well their program responds. They test their program realistically before the next big attack to ensure their security infrastructure remains resilient.

Gain an Attacker's Perspective

Uncover your true attack surface with the only ASM platform built by attackers. Stay one step ahead of cyber-criminals, hacktivists and nation-state attackers, by seeing your perimeter as they see it.