You are an internet star and you didn’t even know

Written by: Matan Reiman, VP of Business Development, Cyber AIOps Lead, Centerity.

Many people wish to be an internet celebrity in order to gain fame, influence and notability. Although, it is still hard work to become one, there is a good chance that you already are one of those internet stars and you just don’t know it yet…

Highlights

  • While security professionals often lack visibility of their organizations’ internet exposed assets, hackers are always on the lookout for such targets and case easily detected them
  • The statistics around misconfigurations are alarming and cybersecurity teams struggle to keep up and stay on top of this phenomenon
  • Using the right tools and increasing cyber hygiene can keep your organization from harm’s way

Be an internet star for the right reasons

When it comes to your personal brand, increasing your internet presence is important and can be very exciting. The prospect of becoming a powerful known influencer can bring along both social and financial benefits. But when it comes to your organization’s IT infrastructure, online exposure is a whole different story. Instead of fame and glory, your organization is risking a feature in the Wall Street Journal but for all the wrong reasons.
The reality on the ground is that all security teams today face unknown unknowns. With 70%1 of attacks being perpetrated by external threat actors, its crucial to understand what your organization’s digital footprint looks like and which unknown internet exposures you may have which hackers can easily find.
An average security tech stack today includes dozens of tools as well as awareness programs aiming to increase cyber resilience and improve the security posture. Nevertheless, millions of sensitive assets end up unintentionally exposed to the web and pose imminent threats to organizations. Such unknown exposures are low hanging fruit that are “waiting” to be exploited by hackers.
With so many tools and investment that goes into security programs, how come such blind spots are so prevalent? Simply put, misconfigurations and human errors.The natural maturation of businesses as well as digital transformation processes often translate into business growth but also mean that your IT ecosystem and digital footprint are growing and are in constant flux.
Spinning up new cloud instances, frequent deployment of development environments and adoption of new software tools are just a few examples of ongoing activities which often remain under IT and security teams’ radars and can easily result in risky misconfigurations.
Traditional tools are built for your known network ranges. Once set up, they will detect vulnerabilities and misconfigurations within pre-defined environments. But all your other connected assets will remain in the dark.
The numbers around misconfigurations which lead to unknown exposures are overwhelming. On average 64%2 of organizations’ digital assets are unintentionally exposed to the internet and not monitored. It’s time to take control of your critical assets before someone else does.

What can you do?

Here are 4 tips for achieving complete and ongoing visibility of your external attack surface.

  1. Accept the fact that assessing vulnerabilities from the inside only is insufficient. If you want to stay ahead of hackers, you must also gain their point of view and observe your business from the outside-in.
  2. Periodic and limited discovery exercises such as penetration testing are insufficient. With the current rate of change, exposed asset discovery should be fully automated, continuous and done at an internet-wide scale.
  3. Your supply chain is part of your IT ecosystem and is a source for potential unknown exposures. You need a solution which can monitor and identify the risks caused by your business partners and contractors.
  4. Full visibility is a must but not enough. Actionable security insights enriched with your business context is needed for quickly eliminating unwanted exposures.

Our advice… ensure your organization’s fame is driven by its success and not because a cybercriminal has managed to gain access to your sensitive data.

Conclusion

By gaining better visibility and converting unknown unknowns into known risks in real time, organizations can significantly mitigate and reduce security risks.

Centerity Cyber AIOps platform, with its unique attack surface management module is designed exactly for this purpose. With no installation or set up required, this solution indexes billions of exposed assets across the entire internet and automatically maps them back to your organization. You get real time visibility and insights into every potential risk across all your environments and the supply chain.

You’ll probably be surprised by the results! Talk with us!

[1] Source: Verizon’s DBIR 2020
[2] Source: Reposify 2020