If it seems like cyberattacks have gone from bad to worse lately, the statistics agree. Some of the most compelling evidence yet comes from a recent study that analysed the cybersecurity investments, practices, and performance of 1,200 prominent organisations around the world. The study’s findings are published in a report entitled “Cybersecurity Solutions For A Riskier World,” this year.
The study doesn’t just document the mounting toll that malicious activity is taking on organisations. It digs deeper, delving into the root causes that make breaches possible. The four causes cited most often by affected organisations were:
The top causes of breaches, according to 1,200 organisations surveyed in “Cybersecurity Solutions For A Riskier World.” Note that the numbers don’t add up to 100% because respondents could select more than one cause.
What’s remarkable about this list is that all of these issues are the result of internal factors. They all stem from actions—or inactions—on the part of the organisations themselves. If the ultimate causes of breaches are internal, as the study makes clear, then so are the remedies.
Cybersecurity breach reason #1: Misconfigurations
Study respondents not only cited misconfigurations as a leading cause of breaches but also as a problem likely to increase in the next two years.
Configuration changes—whether you’re updating firewall rules, deploying new devices, adding new segments to existing networks, or modifying other settings—are a constant fact of life in network administration. Larger organisations may need hundreds of such changes per week.
Skybox Firewall Assurance can help avert all of these scenarios: It can review the configurations in place in firewalls, audit access rules, and gauge the risk. It does this automatically, rapidly identifying potentially hazardous configurations and providing the context needed to understand and remediate them. Automation eliminates the human element, offloads staff, and makes the whole process fast, reliable, and cost-effective.
Skybox Network Assurance can further assist by automatically assessing the state of the network and ensuring that firewall configurations comply with network policies.
Skybox Change Manager helps prevent new misconfigurations from creeping in during change cycles. It can orchestrate firewall change management workflows, evaluate the impacts and risks of proposed changes, validate policy compliance, and enforce proper review and approvals. It does all this automatically, ensuring rigorous, efficient, and timely execution, slashing change cycles by days or weeks.
Cybersecurity breach reason #2: Unknown assets
Unknown assets are a perennial problem in both IT and OT domains. Without complete visibility into their attack surface, many organisations are unaware of vulnerabilities and weaknesses that offer soft targets for cyber-attacks.
Skybox Network Assurance can help you find rogue devices and legacy equipment that have fallen off the radar—including assets that are difficult or impossible to scan (like many OT devices). It does this by pulling configuration data from firewalls and network devices (load balancers, routers, switches, access points), along with data from asset repositories such as CMDB or SCCM patch management tools, as well as other sources such HPNA and SolarWinds repositories. This data is automatically normalised and combined in a comprehensive network model. The model not only provides a holistic picture of known assets; it also reveals blind spots where undocumented assets may be hiding and where further exploration is warranted.
Cybersecurity breach reason #3: Human error
While human errors may seem like a permanent fact of life in organisations, Skybox policy management and change management solutions can minimise them in several important ways.
- By replacing fallible human actors with highly reliable automated mechanisms.
- By providing governance that helps people avoid mistakes in cases where human inputs are required and help ensure that mistakes are corrected before they go live.
- By enforcing access rules and network segmentation policies that limit the potential damage caused by some types of human errors
- By dramatically improving the speed and efficiency of processes such as change management, enabling staff to give their full attention where it’s most needed, and ensuring that important updates and fixes are implemented in a timely fashion.
Cybersecurity breach reason #4: Poor Maintenance/Cyber hygiene
Poor maintenance may result from inadequate or poorly designed processes, or it may stem from an inability to execute well-designed processes owing to staffing shortages and/or other resource issues.
The solution is a combination of automated checking and rigorous governance to ensure that rules and configurations are optimised and compliant with policies on an ongoing basis. Skybox Firewall and Network Assurance products are designed to do just that: collecting data from firewalls and network devices, validating rules and configurations, identifying risks, orchestrating reviews and other critical actions, and keeping key personnel informed and on task. In addition, Skybox’s comprehensive vulnerability management solutions can identify vulnerabilities in need of patching (including vulnerabilities that aren’t detectable with scanning alone).
Stopping breaches at the source
By addressing breaches at the source, organisations can take control of their destiny and push back against increasingly well-equipped threat actors. Those leading-edge organisations—that took what the report calls a “risk-based approach” experienced far fewer incidents and breaches over the last two years than did the average company surveyed in the study.
Citations
1. “Cybersecurity Solutions For A Riskier World,” Thoughtlab, May 2022.
Share
Skybox Security
Over 500 of the largest and most security-conscious enterprises in the world rely on Skybox® Security for the insights and assurance required to stay ahead of dynamically changing attack surfaces. At Skybox, we don’t just serve up data and information. We provide the intelligence and context to make informed decisions, taking the guesswork out of securely enabling enterprises at scale and speed. Our security posture management platform delivers complete visibility, analytics, and automation to quickly map, prioritize and remediate vulnerabilities across your organization. The vendor-agnostic platform intelligently optimizes security policies, actions, and change processes across all corporate networks and cloud environments. With Skybox, security teams can now focus on the most strategic business initiatives while ensuring enterprises remain protected.