Mind the Gap: Organizations with High Cyber Risk Have These Five Security Gaps in Common

C-Suite, IT, and security teams must work together to close these five critical security gaps and reduce cyber risk for their organization and customers.


Many enterprises face high cyber risks. In fact, over two-thirds (70%) of CISOs feel at risk of a material cyberattack over the next 12 months, compared to 68% the year before and 48% in 2022, according to Proofpoint’s Voice of the CISO Report.

These statistics aren’t surprising on their own. What is surprising is that cyber criminals aren’t singling out large companies with the biggest bank accounts; they target companies with known vulnerabilities and inadequate security controls, regardless of size.

With more and more Chief Information Security Officers (CISOs) fearing a cyberattack, now is the perfect time to discuss the proactive steps businesses can take to protect themselves. When organizations review their security strategies and programs, there are five security gaps that must be prioritized:

  1. Vulnerable and unpatched internet-facing systems.

  2. Weak financial controls.

  3. Lack of environmental visibility and threat response.

  4. Weak backup strategies.

  5. Lack of defense against unauthorized access.

These five security gaps leave organizations more vulnerable to a cyberattack if they are not addressed through proactive measures. Addressing these gaps is also critical from a cyber liability perspective. Demonstrating a proactive approach to risk mitigation reduces an organization’s overall risk profile.

Reducing Cyber Risks: A Plan of Action

Here’s how IT and cyber security teams, together with management, can close these gaps.

Vulnerable and Unpatched Internet-facing Systems. Any server or service exposed to the internet must be protected. Teams must inventory the business-critical systems that sit on the network perimeter and prioritize patching for those systems, starting with flaws that are known to be exploited in the wild. A risk and attack surface management strategy and a formal patching process with defined timelines keep internet-facing systems from being easy avenues for bad actors into your organization's environment.
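As an added illustration (not code from the article or from Corvus), the following Python script turns a perimeter inventory and a list of advisories into a patch queue that puts internet-facing, actively exploited flaws first. The asset rows, product names, version numbers, advisory entries and scoring weights are all constructed for the example; in practice the inventory comes from an attack-surface scan and the advisories from vendor bulletins or an exploited-vulnerability catalog.

```python
"""Build a prioritized patch queue for internet-facing systems.

Added example, not from the article. Inventory rows, product names,
advisories and scoring weights are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str
    internet_facing: bool
    business_critical: bool


@dataclass(frozen=True)
class Advisory:
    product: str
    fixed_in: str            # first version that contains the fix
    exploited_in_wild: bool  # evidence of active exploitation


def parse_version(version: str) -> tuple:
    """'2.4.49' -> (2, 4, 49). Non-numeric components sort below any number."""
    return tuple(int(p) if p.isdigit() else -1 for p in version.split("."))


def is_vulnerable(asset: Asset, adv: Advisory) -> bool:
    """Vulnerable if the same product runs a version older than the fixed one."""
    return asset.product == adv.product and parse_version(asset.version) < parse_version(adv.fixed_in)


def priority(asset: Asset, adv: Advisory) -> int:
    """Higher is more urgent: internet exposure dominates, then active exploitation, then criticality."""
    return ((100 if asset.internet_facing else 0)
            + (50 if adv.exploited_in_wild else 0)
            + (10 if asset.business_critical else 0))


def patch_queue(assets, advisories):
    """Return (score, host, product, installed, fixed_in) tuples, most urgent first."""
    findings = [
        (priority(a, adv), a.host, a.product, a.version, adv.fixed_in)
        for a in assets
        for adv in advisories
        if is_vulnerable(a, adv)
    ]
    return sorted(findings, key=lambda f: (-f[0], f[1]))


# Constructed sample inventory and advisories (hypothetical product names).
ASSETS = [
    Asset("vpn-gw-01", "examplevpn", "9.1.2", internet_facing=True, business_critical=True),
    Asset("www-02", "examplehttpd", "2.4.49", internet_facing=True, business_critical=False),
    Asset("intranet-wiki", "examplehttpd", "2.4.49", internet_facing=False, business_critical=True),
    Asset("build-01", "examplehttpd", "2.4.52", internet_facing=False, business_critical=False),
]
ADVISORIES = [
    Advisory("examplevpn", fixed_in="9.1.3", exploited_in_wild=True),
    Advisory("examplehttpd", fixed_in="2.4.51", exploited_in_wild=False),
]

if __name__ == "__main__":
    for score, host, product, installed, fixed in patch_queue(ASSETS, ADVISORIES):
        print(f"{score:4d}  {host:<14} {product} {installed} -> upgrade to {fixed}")
```

Note how the scoring deliberately ranks the non-critical but internet-facing web server above the business-critical intranet wiki running the same vulnerable build: the perimeter host is the one an attacker can reach without first getting inside.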

Weak Financial Controls. Weak financial controls, such as acting on payment instructions received by email with no out-of-band authentication (OOBA), are what allow social engineering to succeed. For threat actors, a business email account is a golden ticket: it lets them persuade a victim that they are dealing with someone they trust. Typically, their main goal is financial gain through the transfer of funds to an attacker-controlled bank account.

For example, Business Email Compromise (BEC) scams are becoming more prevalent. Here, a threat actor compromises (or convincingly spoofs) an email account belonging to a CFO, a member of the accounting staff, or a vendor, and uses it to trick an unsuspecting employee into wiring money to an attacker-controlled bank account.

For electronic payments, OOBA provides a secondary verification through a communication channel separate from the one the request arrived on. For example, when a vendor emails a change in payment instructions, call a phone number already on file for that vendor to confirm it; a number supplied in the same email is not out of band, because the attacker controls it too. Financial controls are not new, but it's surprising how many businesses don't take the extra step to verify any ACH or wire payment instruction change. Implementing this best practice does not require a new security solution or system; it involves a simple process change.
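Added example, not part of the article: a minimal implementation of that process change. The control refuses to apply a vendor bank-detail change unless the confirming callback went to the phone number already on file, which is what makes the check out of band. Vendor names, account strings, phone numbers and the BEC scenario are all constructed.

```python
"""Out-of-band verification before applying a vendor payment-instruction change.

Added example, not from the article. Vendor records, account strings,
phone numbers and the scenario are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Vendor:
    name: str
    bank_account: str
    phone_on_file: str              # verified when the vendor was onboarded


@dataclass(frozen=True)
class ChangeRequest:
    vendor: str
    new_account: str
    contact_phone: Optional[str]    # number the requester asks us to call; untrusted


@dataclass(frozen=True)
class Callback:
    dialled_number: str             # number the verifier actually called
    confirmed: bool                 # what the person who answered said
    verifier: str                   # employee who made the call


class PaymentInstructionControl:
    def __init__(self, vendors):
        self.vendors = {v.name: v for v in vendors}
        self.audit = []

    def apply_change(self, req: ChangeRequest, callback: Callback) -> bool:
        vendor = self.vendors.get(req.vendor)
        if vendor is None:
            return self._deny(req, "unknown vendor")
        # The callback must go to the number on file. A number supplied in the
        # request itself is the same channel as the request and proves nothing.
        if callback.dialled_number != vendor.phone_on_file:
            return self._deny(req, "callback not made to number on file")
        if not callback.confirmed:
            return self._deny(req, "vendor did not confirm change")
        vendor.bank_account = req.new_account
        self.audit.append(("applied", req.vendor, req.new_account, callback.verifier))
        return True

    def _deny(self, req: ChangeRequest, reason: str) -> bool:
        self.audit.append(("denied", req.vendor, req.new_account, reason))
        return False


def run_scenario():
    """Constructed BEC scenario: the 'vendor' email switches banks and offers a new number to call."""
    control = PaymentInstructionControl([Vendor("Acme Supplies", "GB00OLD0000000001", "+44 20 7946 0000")])
    fraudulent = ChangeRequest("Acme Supplies", "GB00NEW9999999999", contact_phone="+44 7700 900999")
    # 1. Clerk calls the number in the email; the attacker answers and confirms. Denied: wrong channel.
    r1 = control.apply_change(fraudulent, Callback(fraudulent.contact_phone, confirmed=True, verifier="ap-clerk"))
    # 2. Clerk calls the number on file; the real vendor knows nothing about it. Denied.
    r2 = control.apply_change(fraudulent, Callback("+44 20 7946 0000", confirmed=False, verifier="ap-clerk"))
    # 3. A genuine change, confirmed on the number on file, is applied.
    genuine = ChangeRequest("Acme Supplies", "GB00NEW1234567890", contact_phone=None)
    r3 = control.apply_change(genuine, Callback("+44 20 7946 0000", confirmed=True, verifier="ap-clerk"))
    return (r1, r2, r3), control.vendors["Acme Supplies"].bank_account, control.audit


if __name__ == "__main__":
    results, account, audit = run_scenario()
    print(results, account)
    for entry in audit:
        print(entry)
```

The first denial is the one that matters in practice: the clerk did make a phone call, and the person on the line did confirm, yet the control still rejects the change because the number came from the request rather than from the vendor record. The audit trail records who verified what, which is what an insurer or auditor will ask for after a loss.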

Lack of Environment Visibility and Threat Response. Failing to protect endpoints within an environment can lead to malware attacks, and it’s not enough simply to buy Endpoint Detection and Response (EDR). Endpoint security agents must be deployed on every business-critical asset (and reconciled against the asset inventory so that gaps are found), tuned for the environment, configured in active (blocking) mode rather than detect-only, kept checking in, and consistently monitored. EDR pays off only when someone acts on its alerts around the clock, whether a trained internal security team, a Managed Security Service Provider (MSSP), or a Managed Detection and Response (MDR) service.
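Added example, not from the article: a reconciliation of the asset inventory against an EDR console export that surfaces the gaps the paragraph describes (missing agents, detect-only mode, agents that stopped checking in, and hosts the inventory never recorded). Hostnames, mode names, timestamps and the three-day staleness threshold are constructed; a real export will use its own field names.

```python
"""Reconcile the asset inventory against an EDR console export.

Added example, not from the article. Hostnames, mode names, timestamps and
the staleness threshold are constructed for illustration.
"""
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # fixed clock so the example is deterministic
STALE_AFTER = timedelta(days=3)

# Constructed inputs: (hostname, business_critical) and (hostname, mode, last_seen).
INVENTORY = [
    ("dc-01", True),
    ("erp-app-01", True),
    ("fileserver-02", True),
    ("kiosk-07", False),
    ("dev-laptop-12", False),
]
EDR_EXPORT = [
    ("dc-01", "prevent", NOW - timedelta(hours=2)),
    ("erp-app-01", "detect_only", NOW - timedelta(hours=1)),
    ("fileserver-02", "prevent", NOW - timedelta(days=9)),
    ("dev-laptop-12", "prevent", NOW - timedelta(days=1)),
    ("unknown-box-3", "prevent", NOW - timedelta(hours=5)),
]


def coverage_gaps(inventory, edr_export, now=NOW, stale_after=STALE_AFTER):
    """Return (hostname, finding, business_critical) tuples, critical hosts first."""
    agents = {host: (mode, seen) for host, mode, seen in edr_export}
    known = {host for host, _ in inventory}
    gaps = []
    for host, critical in inventory:
        if host not in agents:
            gaps.append((host, "no_agent", critical))
            continue
        mode, seen = agents[host]
        if mode != "prevent":
            gaps.append((host, "detect_only", critical))      # alerts but does not block
        if now - seen > stale_after:
            gaps.append((host, "stale_checkin", critical))    # agent disabled, host offline, or tampered with
    for host in agents:
        if host not in known:
            gaps.append((host, "not_in_inventory", False))    # shadow asset: the inventory itself has a gap
    return sorted(gaps, key=lambda g: (not g[2], g[0]))


def critical_coverage(inventory, gaps) -> float:
    """Fraction of business-critical hosts with no finding at all."""
    critical = [host for host, crit in inventory if crit]
    flagged = {host for host, _, crit in gaps if crit}
    return (len(critical) - len(flagged)) / len(critical) if critical else 1.0


if __name__ == "__main__":
    gaps = coverage_gaps(INVENTORY, EDR_EXPORT)
    for host, finding, critical in gaps:
        print(f"{'CRITICAL ' if critical else '         '}{host:<16} {finding}")
    print(f"critical hosts fully covered: {critical_coverage(INVENTORY, gaps):.0%}")
```

Run this on a schedule and treat a stale check-in on a critical host as an alert in its own right: an agent that has gone quiet is exactly what an intruder disabling EDR before deploying ransomware looks like.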

Weak Backup Strategies. Failing to protect backups, the last line of defense, can be costly. According to Sophos, 94% of organizations hit by ransomware in the past year said that the cybercriminals attempted to compromise their backups during the attack. A sound backup strategy lets an organization recover quickly, lowers the likelihood of paying the ransom, and shortens the time it takes to get back on its feet.

Backup strategies should include an offsite or air-gapped backup copy that creates a barrier between primary digital assets and malicious actors: in other words, a copy that is away from the crime scene. A copy that cannot be reached with the credentials and network paths of the primary environment mitigates the risk of an attacker destroying the entire backup stack; an offsite replica that stays online and shares the production administrator credentials does not.

Another strategy to consider is an immutable data repository. Immutable copies are protected by a retention lock enforced by the storage layer, one that even an administrator cannot shorten, so that the backup cannot be deleted (accidentally or intentionally) or encrypted during a ransomware event for as long as the retention period runs; that period should outlast the time an intruder may dwell in the network before detection. Done well, and with restores from it tested regularly, that immutable copy will serve as a reliable part of your incident response and remediation strategy.
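Added example, not from the article, covering both the isolated copy and the immutable repository: a check that asks, for each backup copy, whether an attacker holding the primary environment's credentials could destroy it, and whether a surviving copy has a recent successful restore test. Copy names, dates and the 90-day restore-test window are constructed; the "cloud-replica" entry shows the caveat that a lapsed retention lock on an online replica offers no protection.

```python
"""Test a set of backup copies against compromise of the primary environment.

Added example, not from the article. Copy names, dates and thresholds are
constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class BackupCopy:
    name: str
    reachable_from_primary: bool       # same credentials/network as production
    immutable_until: Optional[date]    # storage-enforced retention lock; None if mutable
    last_restore_test: Optional[date]  # last successful test restore


def survives_primary_compromise(copy: BackupCopy, today: date) -> bool:
    """True if an attacker with full control of production cannot delete or encrypt the copy."""
    if not copy.reachable_from_primary:
        return True    # offsite or air-gapped: no path from the crime scene
    if copy.immutable_until is not None and copy.immutable_until > today:
        return True    # retention lock still in force
    return False       # online, mutable copy, or a lock that has already lapsed


def assess(copies, today: date, restore_test_max_age_days: int = 90) -> dict:
    """Classify copies and decide whether a credible recovery path exists."""
    report = {"destroyable": [], "surviving": [], "untested": []}
    for c in copies:
        bucket = "surviving" if survives_primary_compromise(c, today) else "destroyable"
        report[bucket].append(c.name)
        if c.last_restore_test is None or (today - c.last_restore_test).days > restore_test_max_age_days:
            report["untested"].append(c.name)
    # Recovery is only credible from a copy that both survives and has been shown to restore.
    report["recoverable"] = bool(set(report["surviving"]) - set(report["untested"]))
    return report


# Constructed sample: one primary-side snapshot set, one cloud replica whose lock has
# expired, one object-lock vault, and one set of offsite tapes nobody has test-restored.
TODAY = date(2024, 6, 1)
COPIES = [
    BackupCopy("nas-snapshots", True, None, date(2024, 5, 20)),
    BackupCopy("cloud-replica", True, date(2024, 1, 15), date(2024, 5, 20)),
    BackupCopy("object-lock-vault", True, date(2024, 12, 31), date(2024, 4, 2)),
    BackupCopy("offsite-tape", False, None, None),
]

if __name__ == "__main__":
    for key, value in assess(COPIES, TODAY).items():
        print(f"{key:<12} {value}")
```

Two of the four copies fail here for reasons that look fine on a slide: the cloud replica was immutable once, but its retention window closed months ago, and the tapes are safely offsite but have never been proven to restore. The check is worth re-running whenever retention settings change or a restore test is skipped.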

Lack of Defense Against Unauthorized Access. Multifactor Authentication (MFA) is often talked about as critical and is proven to reduce account compromise. Microsoft has reported that more than 99.9% of compromised accounts did not have MFA, leaving them open to password spray, phishing, and password reuse. However, not all MFA is created equal. Attackers circumvent the weaker forms through SIM swapping of SMS codes, adversary-in-the-middle phishing kits that relay one-time codes and steal the resulting session tokens, and impersonating users to the IT helpdesk to get factors reset. App-based authenticators remove the SIM-swap risk, but the codes they generate can still be relayed by a phishing proxy; FIDO2/WebAuthn authenticators (hardware security keys and passkeys) bind each sign-in to the genuine site's origin, so a credential exercised on a lookalike domain is rejected, which is why they are considered phishing resistant. Moving to FIDO2 raises the barrier of entry for an attacker and reduces the risk of unauthorized access to your organization's systems; helpdesk reset procedures need the same out-of-band identity verification as payment instruction changes.
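Added example, not from the article: a simulation of why an authenticator-app code can be relayed by a phishing proxy while a FIDO2 assertion cannot. It implements TOTP per RFC 6238 and a cut-down WebAuthn-style assertion check that enforces origin binding. Domain names, secrets and the challenge are constructed. The assertion "signature" is an HMAC over a key shared at registration, a stand-in for the authenticator's private-key signature so the example runs on the standard library alone; the property shown, that the browser-supplied origin is covered by the signature and checked by the server, does not depend on the signature algorithm.

```python
"""Relayable OTP versus origin-bound FIDO2 assertion, simulated in-process.

Added example, not from the article. Domains, secrets and the challenge are
constructed; the assertion signature uses HMAC as a stand-in for the
authenticator's private key.
"""
import hashlib
import hmac
import json
import struct


# ---------- App-based one-time code (RFC 6238 TOTP, SHA-1, 30 s step, 6 digits) ----------
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def server_verify_totp(secret: bytes, submitted: str, unix_time: int) -> bool:
    # Accepts the current and previous step. Nothing tells the server where the code was typed.
    return any(hmac.compare_digest(totp(secret, unix_time - d), submitted) for d in (0, 30))


def aitm_relay_totp(secret: bytes, unix_time: int) -> bool:
    """Adversary-in-the-middle: the victim types the genuine code on the phishing page; the proxy forwards it."""
    code_typed_on_phishing_page = totp(secret, unix_time)
    return server_verify_totp(secret, code_typed_on_phishing_page, unix_time)


# ---------- FIDO2 / WebAuthn-style assertion with origin binding ----------
RP_ID = "example.com"                   # constructed relying party
EXPECTED_ORIGIN = "https://example.com"
PHISHING_ORIGIN = "https://login-examp1e.com"


def authenticator_sign(cred_key: bytes, rp_id: str, client_data: dict) -> dict:
    """The browser builds client_data (including the origin it is really on);
    the authenticator signs authenticatorData || SHA-256(clientDataJSON)."""
    client_data_json = json.dumps(client_data, separators=(",", ":"), sort_keys=True).encode()
    authenticator_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + b"\x00\x00\x00\x01"  # rpIdHash | flags | counter
    signed = authenticator_data + hashlib.sha256(client_data_json).digest()
    return {"clientDataJSON": client_data_json, "authenticatorData": authenticator_data,
            "signature": hmac.new(cred_key, signed, hashlib.sha256).digest()}  # HMAC stand-in for a private-key signature


def server_verify_assertion(cred_key: bytes, assertion: dict, expected_challenge: str) -> bool:
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != expected_challenge:
        return False
    if cd.get("origin") != EXPECTED_ORIGIN:           # origin binding: a lookalike domain never matches
        return False
    if assertion["authenticatorData"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False
    signed = assertion["authenticatorData"] + hashlib.sha256(assertion["clientDataJSON"]).digest()
    return hmac.compare_digest(hmac.new(cred_key, signed, hashlib.sha256).digest(), assertion["signature"])


def legitimate_fido2(cred_key: bytes, challenge: str) -> bool:
    client_data = {"type": "webauthn.get", "challenge": challenge, "origin": EXPECTED_ORIGIN}
    return server_verify_assertion(cred_key, authenticator_sign(cred_key, RP_ID, client_data), challenge)


def aitm_relay_fido2(cred_key: bytes, challenge: str) -> bool:
    """Proxy relays the real challenge, but the victim's browser records the phishing origin in clientData."""
    client_data = {"type": "webauthn.get", "challenge": challenge, "origin": PHISHING_ORIGIN}
    return server_verify_assertion(cred_key, authenticator_sign(cred_key, RP_ID, client_data), challenge)


def aitm_tamper_origin(cred_key: bytes, challenge: str) -> bool:
    """Proxy rewrites the origin after signing: the clientDataJSON hash no longer matches what was signed."""
    client_data = {"type": "webauthn.get", "challenge": challenge, "origin": PHISHING_ORIGIN}
    assertion = authenticator_sign(cred_key, RP_ID, client_data)
    assertion["clientDataJSON"] = assertion["clientDataJSON"].replace(b"login-examp1e.com", b"example.com")
    return server_verify_assertion(cred_key, assertion, challenge)


if __name__ == "__main__":
    seed, key, now = b"constructed-totp-seed", b"constructed-credential-key", 1_717_200_000
    print("TOTP relayed through phishing proxy accepted:", aitm_relay_totp(seed, now))     # True
    print("FIDO2 assertion from phishing origin accepted:", aitm_relay_fido2(key, "c1"))   # False
    print("FIDO2 assertion with rewritten origin accepted:", aitm_tamper_origin(key, "c1"))  # False
```

In a real browser the phishing page would not even receive an assertion, because the browser refuses to exercise a credential whose RP ID does not match the page's domain; the server-side origin check shown here is the second line of defence. The TOTP path demonstrates the opposite: a correct code is a correct code, and the server has no way to know it was typed into a proxy.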

A Final Word: Closing Security Gaps and Addressing the Top Cyber Risks

Closing these security gaps is necessary in today’s world of relentless cyberattacks. Externally, cyber insurance carriers that measure cyber risk and require or advocate for specific security controls will keep pushing organizations in this direction. Internally, the C-Suite, IT, and security teams must work together to close these five critical security gaps and reduce cyber risk for their organization and its customers.

About the Author

Dan Ahmed, Senior Cybersecurity Advisor, Corvus Insurance

Dan Ahmed is a Senior Cybersecurity Advisor at Corvus Insurance and works both internally and externally to provide cybersecurity advisement and expertise. Within Corvus, Dan collaborates with the Underwriting and Risk Advisory teams to assess cyber risk at scale and respond to policyholder inquiries. He also partners with the Product and Data Science teams to integrate security into and improve the policyholder technology experience. Externally, Dan advises Corvus policyholders on proactive security measures, including recommendations for internal controls and remediations for identified scan vulnerabilities. Before joining Corvus, Dan was a Senior IT Risk Consultant, ensuring that clients had proper controls to comply with key security regulations like PCI-DSS and HIPAA.
