Broken processes are the biggest cybersecurity threat to your organization

Security products can't save you from broken processes.

Many years ago, I read about a grimoire from the Middle Ages that contained a spell for summoning rats, with the basics of the spell consisting of throwing straw and dirty laundry in the corner of a room. Considering the sanitary conditions of the time, it's not hard to imagine that a pile of nesting material would lead to a rat infestation if not cleared.

Information security is the same thing; there's not really magic behind it, and much of the time, attacker opportunity is created by failure to perform due diligence.

In this year's annual report on top cybersecurity threats, Sandy Carielli and I approached some of the hottest trends in security, and surprisingly, what's getting exploited is often a failure of process and not technology. A few questions we ask in this research are:

  • Is API security just rebranding an old problem? While there's certainly nuance to enumerating API assets from a security perspective, the core issue is still that we're trusting client-supplied input.
  • How do you reduce the opportunity for adversaries to deploy ransomware? We're frequently speaking to incident responders about this issue, and ransomware, to a large extent, seems to be a crime of opportunity. For most organizations, patching systems and locking down remote access properly is going to make you less convenient than hitting someone else.
  • How are policy exceptions being targeted by adversaries? It's not uncommon to do things like creating exceptions for legacy protocols that bypass multifactor authentication requirements. Unfortunately, our adversaries likely have been in similar situations and know how common this is — so your security through obscurity isn't quite so obscure.

This post was written about Principal Analyst Josh Zelonis, and it originally appeared here