Misconfigurations open the door to the network for cyber criminals. A risk analysis of all endpoints can help to sharpen the focus on these weak points. Armed with this information, IT security can proceed to eliminate the risks.
The threat landscape is serious and organizations are facing more attacks from cyber criminals. These attacks are also becoming more dangerous and sophisticated, because the attackers are constantly using new attack vectors or more advanced technologies such as machine learning. At the same time, the attack surface created by cloud computing and a workforce distributed across home offices is constantly growing and harder to keep track of. No wonder the IT security departments of many organizations are calling for more staff, better defense tools, and more budget. But beyond ever higher and more secure defensive walls, organizations could gain more security with very simple measures: by eliminating simple misconfigurations in their own network.
Why complicated?
Major security incidents like the recent SolarWinds hack make the headlines, and you would think that cyber criminals work on such major attacks day and night. In fact, such complex attacks are too difficult for most groups to carry out. And the perpetrators see no reason to take on a hard challenge when the same result can be achieved in an uncomplicated way. Most companies meet them halfway, because simple misconfigurations by IT administrators can be found almost everywhere. A target that can be compromised with little effort is easy prey for a cyber criminal.
Cyber criminals are served access
Attacks that exploit incorrect settings are considered the “low hanging fruit” of cybercrime, because organizations often fail to apply systematic processes and guidelines to properly address vulnerabilities. Studies by ESG show that misconfigured end devices are responsible for a full 27 percent of entry points. Malicious actors benefit from unsecured hardware, employees with unnecessary access to critical company resources, unpatched vulnerabilities and numerous other needless loopholes. The likelihood of misconfigurations continues to grow as companies move their workloads to the cloud. At the same time, visibility of possible threats decreases, which of course further exacerbates the problem.
The most common misconfigurations
To do their job well, security teams need to assess risks and fix configuration errors quickly without disrupting running IT systems. That is easier said than done. IT administrators are overworked, have insufficient resources, and their teams are usually understaffed, which means that they often misconfigure applications and components related to the operating system. Such errors often occur, for example, with Microsoft Office, SharePoint, ActiveX and Windows Remote Management (WinRM). The COVID-19 pandemic has pushed remote access vulnerabilities and misconfigurations to the fore as preferred attack vectors. Unsurprisingly, errors related to WinRM are now at the top of the list of incorrect Microsoft software settings. WinRM allows a user to interact with a remote system, run an executable (for example, to install malware), change the registry or modify services, which makes this area very worrying; a misconfigured WinRM can lead to a serious cyber incident.
Incorrectly configured accounts open the door
Bitdefender data also shows that misconfigurations relating to accounts, password storage and password management are the most common on the endpoint, with a share of 12.5 percent. An incorrectly preset user account opens the door for account takeover, spear phishing / BEC compromise, lateral movement, malware infection and data leaks. Most ransomware incidents arise as a result of a misconfigured component, an unpatched vulnerability, or a successful social engineering attack. Today, ransomware attacks are often accompanied by the threat of disclosing the stolen data. This means that companies also run the risk of data protection violations and possibly even penalties from the state. All because of a single misconfiguration or oversight that helped cyber criminals.
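The two misconfiguration classes discussed above, WinRM settings and local account / password handling, can be audited directly on an endpoint. The script below is an added example and is not Bitdefender's code or its risk-analysis feature. It assumes an elevated PowerShell 5.1 or later session on the Windows endpoint being assessed, and the specific settings it inspects (WinRM listener, unencrypted traffic, Basic authentication, TrustedHosts, local account password flags, local Administrators membership, WDigest credential caching and LSA protection) are my own selection of commonly audited items rather than a list taken from the article. It is read-only: it reports weak settings and changes nothing.

```powershell
# Added example (not Bitdefender's code): read-only audit of WinRM and local
# account / credential-storage settings on one Windows endpoint.
# Run in an elevated PowerShell 5.1+ session. Nothing is modified.

$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding {
    param([string]$Area, [string]$Setting, [string]$Value, [string]$Risk)
    $findings.Add([pscustomobject]@{ Area = $Area; Setting = $Setting; Value = $Value; Risk = $Risk })
}

# Read one WSMan configuration value, or $null if WinRM is not configured at all.
function Get-WSManValue([string]$Path) {
    try { (Get-Item -Path $Path -ErrorAction Stop).Value } catch { $null }
}

# ---------- WinRM ----------
$winrm = Get-Service -Name WinRM -ErrorAction SilentlyContinue
if ($winrm -and $winrm.Status -eq 'Running') {
    # Each listener is a container; Transport and Address are its child items.
    Get-ChildItem -Path WSMan:\localhost\Listener -ErrorAction SilentlyContinue | ForEach-Object {
        $props     = Get-ChildItem -Path $_.PSPath
        $transport = ($props | Where-Object Name -eq 'Transport').Value
        $address   = ($props | Where-Object Name -eq 'Address').Value
        if ($transport -eq 'HTTP' -and $address -eq '*') {
            Add-Finding 'WinRM' "Listener $($_.Name)" 'HTTP on all addresses' 'Remote management reachable on every interface without TLS; restrict the address or use an HTTPS listener'
        }
    }
    if ((Get-WSManValue 'WSMan:\localhost\Service\AllowUnencrypted') -eq 'true') {
        Add-Finding 'WinRM' 'Service\AllowUnencrypted' 'true' 'Unencrypted WinRM traffic permitted; set to false'
    }
    if ((Get-WSManValue 'WSMan:\localhost\Service\Auth\Basic') -eq 'true') {
        Add-Finding 'WinRM' 'Service\Auth\Basic' 'true' 'Basic authentication accepted; disable unless an HTTPS listener requires it'
    }
    if ((Get-WSManValue 'WSMan:\localhost\Client\TrustedHosts') -eq '*') {
        Add-Finding 'WinRM' 'Client\TrustedHosts' '*' 'Client will authenticate to any host; scope to named management servers'
    }
}

# ---------- Local accounts ----------
foreach ($u in Get-LocalUser) {
    if (-not $u.Enabled) { continue }
    if (-not $u.PasswordRequired) {
        Add-Finding 'Accounts' "User $($u.Name)" 'PasswordRequired=false' 'Enabled account may have a blank password'
    }
    if ($null -eq $u.PasswordExpires) {
        Add-Finding 'Accounts' "User $($u.Name)" 'PasswordExpires=never' 'Password never expires; review against policy'
    }
}
# Extra local administrators widen the blast radius of any single compromise.
foreach ($m in (Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue)) {
    if ($m.ObjectClass -eq 'User' -and $m.Name -notmatch '\\Administrator$') {
        Add-Finding 'Accounts' 'Administrators member' $m.Name 'Additional local administrator; confirm it is still needed'
    }
}

# ---------- Credential storage ----------
# WDigest UseLogonCredential=1 keeps cleartext passwords in LSASS memory.
$wdigest = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest' -Name UseLogonCredential -ErrorAction SilentlyContinue
if ($wdigest -and $wdigest.UseLogonCredential -eq 1) {
    Add-Finding 'Credentials' 'WDigest\UseLogonCredential' '1' 'Cleartext passwords cached in memory; set to 0'
}
# RunAsPPL=1 runs LSA as a protected process, blocking user-mode credential dumping.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name RunAsPPL -ErrorAction SilentlyContinue
if (-not $lsa -or $lsa.RunAsPPL -ne 1) {
    $shown = if ($lsa) { "$($lsa.RunAsPPL)" } else { 'not set' }
    Add-Finding 'Credentials' 'Lsa\RunAsPPL' $shown 'LSA not running as a protected process; enable RunAsPPL'
}

# ---------- Report ----------
if ($findings.Count -eq 0) { Write-Host 'No findings.' }
else { $findings | Sort-Object Area | Format-Table -AutoSize -Wrap }
```

Each finding names the setting, its current value and the reason it matters, which is the shape a risk-analysis report needs before anyone decides what to fix first. Running the same script across a fleet (for example through a management agent or scheduled job) turns a one-off check into the systematic process the article says most organizations lack.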
A risk analysis sharpens the view
In addition to monitoring endpoints, advanced endpoint security platforms already offer advanced network analyses, cloud security functions and an assessment of the “human” risk factor. Very few platforms go a step further and provide a built-in risk analysis of the endpoint configuration to ensure that the settings are correct and up to date. Most platforms have a large gap here.
Conclusion: not being an easy prey
A modern, high-performance endpoint security platform offers not only the usual functions, but also the possibility of advanced risk analyses of the endpoints. These analyses help organizations to detect and secure misconfigurations before cyber criminals exploit them. Attackers are forced to invest more time, and are more likely to turn to other targets that are easier prey. Instead of spending more budget and hiring more staff, many organizations can easily raise their level of IT security by doing their homework and ensuring the right settings. Endpoint risk analysis tools help IT security teams make these vulnerabilities visible.
More on this at Bitdefender.de