
5 Network Security Threats And How To Protect Yourself

Chris Wallis
Founder & CEO


Cybersecurity today matters so much because of everyone’s dependence on technology, from collaboration, communication and collecting data to e-commerce and entertainment. Every organization that needs to deliver services to their customers and employees must protect their IT ‘network’ - all the apps and connected devices from laptops and desktops to servers and smartphones.

While traditionally these would all live on one "corporate network", networks today are often just made up of the devices themselves and how they’re connected: across the internet, sometimes via VPNs, to the homes and cafes people work from, and to the cloud and data centers where services live. So what threats does this modern network face?

Cybersecurity threats, or network security threats?

Many technical terms are used interchangeably. Some people say cybersecurity when they mean network security, and vice versa. Cybersecurity is the overall umbrella term. It involves securing everything in the network, from your endpoint devices to your data and the cables (or airwaves) and devices that connect them.

Network security historically focused on the actual network itself, which supported the various systems and applications. But when an attacker targets a network, what they’re really trying to access are its apps and data to disrupt business or steal valuable information.

Beyond the perimeter

This development of the 'network' concept has made traditional network security thinking obsolete. The perimeter is no longer just around the traditional on-premises network. It now extends from the SaaS applications used for business-critical workloads to the home office networks employees use to access corporate resources remotely. Data is now spread across a vast number of services, devices, applications and people.

This modern "network" is now commonly called your attack surface, and as it’s so much larger and more dispersed, it’s constantly under threat and hard to protect. As a result, network security has evolved into a ‘zero trust’ approach. This assumes there’s no perimeter, and therefore no such thing as a ‘threat-free’ environment, requiring all users, wherever they access from, to be authenticated and authorized before they can access applications and data.

But even with a zero trust approach, your network remains vulnerable to attack and it’s important to understand what and where your security threats are, so let’s look at them in more detail.

#1 Misconfiguration

According to recent research by Verizon, misconfiguration errors and misuse now make up 14% of breaches. Misconfiguration errors occur when a system or application is configured in a way that makes it less secure. This can happen when you change a setting without fully understanding the consequences, or when an incorrect value is entered. Either can create a serious vulnerability - for example, a misconfigured firewall can allow unauthorized access to an internal network, or a wrongly configured web server could leak sensitive information.
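As an added illustration (not code from the article or from Intruder), the check below audits a constructed ruleset for the two firewall mistakes described above: an incorrect value that opens internal ranges to any source, and a rule placed where it can never take effect. The first-match-wins rule model, the `TRUSTED` range and all rule values are assumptions made for the example.

```python
from ipaddress import ip_network

# Constructed ruleset in a simplified first-match-wins model (not a real firewall syntax).
RULES = [
    {"id": 1, "action": "allow", "src": "0.0.0.0/0", "dst": "203.0.113.10/32", "port": 443},
    {"id": 2, "action": "allow", "src": "0.0.0.0/0", "dst": "10.0.0.0/8", "port": 3389},
    {"id": 3, "action": "allow", "src": "198.51.100.0/24", "dst": "10.0.5.20/32", "port": 22},
    {"id": 4, "action": "deny", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "port": None},
    {"id": 5, "action": "allow", "src": "198.51.100.0/24", "dst": "10.0.7.0/24", "port": 5432},
]
TRUSTED = [ip_network("198.51.100.0/24")]  # assumed office/VPN egress range
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def covers(outer, inner):
    """True if every packet matched by `inner` is already matched by `outer`."""
    return (inner["src"].subnet_of(outer["src"])
            and inner["dst"].subnet_of(outer["dst"])
            and outer["port"] in (None, inner["port"]))  # None means any port


def audit(rules, trusted=TRUSTED):
    """Return (rule id, finding) pairs for exposed or dead rules."""
    parsed = [dict(r, src=ip_network(r["src"]), dst=ip_network(r["dst"])) for r in rules]
    findings = []
    for i, rule in enumerate(parsed):
        # Ordering mistake: an earlier rule matches everything this one does.
        shadow = next((p["id"] for p in parsed[:i] if covers(p, rule)), None)
        if shadow is not None:
            findings.append((rule["id"], f"shadowed by rule {shadow}"))
            continue
        # Exposure: an allow rule reaching internal ranges from an untrusted source.
        if (rule["action"] == "allow"
                and any(rule["dst"].overlaps(net) for net in INTERNAL)
                and not any(rule["src"].subnet_of(t) for t in trusted)):
            findings.append((rule["id"], "internal network reachable from untrusted source"))
    return findings


if __name__ == "__main__":
    for rule_id, finding in audit(RULES):
        print(f"rule {rule_id}: {finding}")
```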

#2 Outdated software

Software and app developers constantly release updates with patches to cover vulnerabilities that have been discovered in their code. Applying patches to fix these vulnerabilities across an organization's entire network of devices can be time-consuming and complex to implement - but it is essential. If you don’t update your software, firmware and operating systems to the latest versions as they’re released, you’re leaving your network exposed. A vulnerability scanner will give you a real-time inventory of all the software which needs updating, as well as detect misconfigurations that reduce your security, so you can stay as secure as possible.

#3 DoS attack

The previous two threats are usually exploited to breach networks and steal information, but a Denial-of-Service (DoS) attack is meant to shut down your network and make it inaccessible.

This can be done in many ways: with malware, by flooding the target network with traffic, or by sending information that triggers a crash, such as overly complex queries that lock up a database. In each case, the DoS attack prevents customers or employees from using the service or resources they expect.

DoS attacks often target websites of high-profile organizations such as banks, media companies and governments. Though DoS attacks don’t usually result in the theft or loss of data, they can cost you a great deal of time and money to handle. A properly configured content delivery network (CDN) can help protect websites against DoS attacks and other common malicious attacks.

#4 Application bugs

A software bug is an error, flaw or fault in an application or system that causes it to produce an incorrect or unexpected result. Bugs exist in every piece of code for all sorts of reasons, from improper testing or messy code to a lack of communication or inadequate specifications documents.

Not all bugs are cybersecurity issues, and not all can be exploited by an attacker to access the network and run code remotely. However, some bugs, like SQL injection, can be very serious and allow attackers to compromise your site or steal data. Not only do SQL injections leave sensitive data exposed, but they can also enable remote access and control of affected systems. This is just one example of a type of application bug, but there are many others.

Injections are common where developers haven’t had sufficient security training, where mistakes are made and not caught in code review, or where continuous security testing is inadequate. However, even when all these things are done, mistakes can still happen, which is why injection is still ranked as the #1 threat in the OWASP Top Ten Web Application Security Risks. Fortunately, many types of injection vulnerabilities (and other application-level security bugs) can be detected with an authenticated web vulnerability scanner, and with penetration testing for more sensitive applications.

#5 Attack surface management

Can you secure your business if you don’t know what internet-facing assets you own? Not effectively. Without a complete and updated inventory of internet-facing assets, you don’t know what services are available and how attackers can attempt to get in. But keeping on top of them and ensuring that they're being monitored for weaknesses isn't exactly a walk in the park as IT estates grow and evolve almost daily.

When companies try to document their systems, they often rely on manually updating a simple spreadsheet, but between configuration changes, new technologies, and shadow IT, they rarely know exactly what assets they own or where. But discovering, tracking, and protecting all these assets is a critical component of strong security for every business.

A vulnerability scanner is a dynamic, automated tool that can keep track of what’s exposed to the internet, and restrict anything that doesn't need to be there - like that old Windows 2003 box everyone’s forgotten about, or a web server that a developer spun up for a quick test before leaving the business…

It can also keep a constant watch over your cloud accounts and automatically add any new external IP addresses or hostnames as targets. And it can help with ‘asset discovery’ when companies need help finding their IP addresses and domains that they don’t even know about.
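The gap between a hand-maintained spreadsheet and what is really exposed can be shown with a short reconciliation, added here as an example and not taken from Intruder's product. It compares a documented inventory against discovery results and reports unknown assets, stale entries and services nobody approved; every hostname, address and port is constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed documented inventory: asset -> ports that are meant to be exposed.
DOCUMENTED = {
    "www.example.com": {443},
    "VPN.example.com.": {443},
    "203.0.113.10": {25},
    "old-intranet.example.com": {443},
}
# Constructed (asset, open port) observations, e.g. merged from DNS records,
# cloud account listings and scan output.
DISCOVERED = [
    ("www.example.com", 443),
    ("vpn.example.com", 443),
    ("203.0.113.10", 25),
    ("203.0.113.10", 3306),
    ("203.0.113.57", 3389),
    ("test-web.example.com", 8080),
    ("test-web.example.com", 22),
]


def normalize(asset):
    """Canonical form so 'VPN.example.com.' and 'vpn.example.com' compare equal."""
    asset = asset.strip().lower().rstrip(".")
    try:
        return str(ipaddress.ip_address(asset))
    except ValueError:
        return asset  # not an IP address, treat as a hostname


def reconcile(documented, discovered):
    allowed = {normalize(a): set(ports) for a, ports in documented.items()}
    seen = {}
    for asset, port in discovered:
        seen.setdefault(normalize(asset), set()).add(port)
    return {
        # Exposed but never documented: shadow IT and forgotten servers.
        "unknown": {a: sorted(p) for a, p in seen.items() if a not in allowed},
        # Documented but no longer observed: the spreadsheet is out of date.
        "stale": sorted(a for a in allowed if a not in seen),
        # Known asset exposing a port that was never approved.
        "unexpected": {a: sorted(p - allowed[a]) for a, p in seen.items()
                       if a in allowed and p - allowed[a]},
    }


if __name__ == "__main__":
    for kind, items in reconcile(DOCUMENTED, DISCOVERED).items():
        print(kind, items)
```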

What does this mean for you?

Attackers use automated tools to identify and exploit vulnerabilities and access unsecured systems, networks or data - however big or small your organization. Finding and exploiting vulnerabilities with automated tools is simple: the attacks listed above are cheap, easy to perform and often indiscriminate, so every organization is at risk. All it takes is one vulnerability for an attacker to access your network.

Knowing where your vulnerabilities and weak points are is the first and most important step. If you spot your vulnerabilities early, you can address them before an attacker can exploit them. A vulnerability scanner is a cloud-based service that identifies security vulnerabilities in computer systems, networks and software. Vulnerability scanners provide a continuous service that searches for network threats and vulnerabilities - everything from weak passwords to configuration mistakes or unpatched software - so you can address them before attackers exploit them.

Vulnerability management made easy

Intruder’s network vulnerability scanner is powered by industry-leading scanning engines used by banks and governments across the world. It’s capable of finding more than 140,000 vulnerabilities and focuses on what matters, saving time with contextually-prioritized results. Our noise reduction only reports actionable issues that have a genuine impact on your security.

By scanning both your internal and external attack surface, we monitor your publicly and privately accessible servers, cloud systems, websites and endpoint devices. Fewer targets for hackers mean fewer vulnerabilities for you to worry about.

Organizations around the world trust Intruder’s vulnerability scanner to protect their networks with continuous security monitoring and comprehensive scanning. Get started with a 14 day free trial today.
