Visibility: Key to Properly Mapping Risk Surface

You can watch the video of this panel here.

Identifying the total number of vulnerabilities an unauthorized user can use to access a system and steal data, also known as the risk surface, should be the cornerstone of a good cybersecurity strategy, agreed panelists at Mexico Cybersecurity Summit 2021, held on June 16. During the “Technological Risk Surface has Increased. Are We Analyzing and Monitoring It?” panel, cybersecurity experts discussed what aspects increase vulnerability and how can companies reduce them.

“Users are often the weakest part of a company’s technology chain, but they can also be the strongest barrier against cyberattacks,” explained Enrique López, Cybersecurity Director of INVEX. For a successful strategy, companies need to “understand that people need to become a part of a holistic cybersecurity strategy that reacts proactively to any possible risk.”

As people and companies use the cloud or social media apps, the risk surface expands. And while companies might take proactive strategies to protect their institutional data, “they put little attention and have little control on the employee’s life outside the office,” said López. For that reason, making employees aware of the risks they face is critical to a company. “Without awareness, people can leak professional and even personal information to other companies and even other countries.”

Threats can also come from a network’s connections because it is often shared with other devices, explained Diego Armando Fernandez, CISO of Interprotección. For that reason, companies should take measures to protect employees’ information even while they are not on the clock. Poor protection of data often exposes a company’s priorities, explained Fernando Fragoso, Channel Solutions Engineer of F5, as some are only concerned with business continuity.

The risk surface can increase through one of the most common technological tools companies and individuals are using today: the cloud. “The cloud is also linked to our digital footprint, which oftentimes leaves us more exposed to criminals as it gives them a wider window of opportunity to access our data,” said Ernesto Rosales, Director Managed Service of Data Warden. “Our digital footprint reveals the information we have or use, so a breach gives criminals complete visibility of our information. But users and even some companies are unable to detect how vulnerable they are.”

Lack of visibility of potential vulnerabilities is a common issue that does not receive much attention, added Erick Ayala, Business Development Manager of Data Warden. Poor visibility is a problem because “it means we do not have control of our digital infrastructure because it is a service provided by a third party.” This is specially the case as employees began working from home. “With the change in workspaces, the vulnerability increases because employees share the network with others, putting their business computers at risk,” said Ayala. “After COVID-19, the number of cyberattacks increased but there are business partners that help to implement security solutions and to strengthen those already in place.”

Visibility is also essential for cybersecurity because it supports the integration of solutions, added Fragoso. “Visibility is key for cybersecurity, without it we are blind, unable to create policies to respond to possible attacks. Clients are taking their services to the cloud at an accelerated pace but the cloud can generate information gaps we are not seeing.” There are numerous tools that give visibility in the cloud and also provide valuable data that allows companies to integrate other processes and facilitate decision-making. However, there is no “one size fits all” solution. “We must understand that each company has different business processes. Understanding them helps us to identify the data to monitor within our business.”

Fernandez warned that within the integration of the cloud and other tech tools requires for a 360° visibly. “Companies must be aware of the dangers of falling into an accidental hybrid cloud, therefore, they must have the right attention protocol.”

To reduce the risk surface, companies should “identify its critical processes and the areas that will be hurt the most in an attack, as this is the approach a criminal would take,” said López. Through continuous monitoring, companies can detect security breaches but they will also require first generation tech to analyze behaviors in real time.

Rosales also urged companies to think as an attacker, who is monitoring the business at all the times. “Companies must implement an internal approach following the principles of the Center for Internet Security (CIS) and focuses on limiting the control of hardware and software assets, manages vulnerabilities, provides a controlled use of privileged access, validates identities and secures hardware and software configuration,” he said. Companies should also develop an incident response management strategy and implement constant network testing, added Rosales.

The risks of not being protected are many, explains Ayala: “In the financial sector, the loss of user’s financial information can be catastrophic.” Companies also risk damaging their reputation and future revenue. “For instance, companies that sell online will lose a large amount of potential sales if they are attacked during peak times,” said Ayala.

Operational costs can also be really damaging, Fragoso adds, “which is why is more relevant to prevent than to correct when it already happened.”

Rosales recommends a constant monitoring and visibility, “Live reporting of what is happening at an internal level is a must, on the contrary, companies can lose customers and even their entire business, depending on the impact of the attack.” For that reason, investing in tools that protect information at all levels is a need.