Page 150 - Cyber Defense eMagazine April 2023

deliver software as a service, you are responsible for its security. This will lead to many changes in
            software development and application security. It turns out the DevSecOps debate is only getting started.

            Another example of rethinking risk is the sudden collapse of Silicon Valley Bank. Is your money safe in
            the bank? That is the ultimate reevaluation of risk. One anecdote from the weekend of worry drove home
            how connected, and vulnerable, we are. It was a small business owner who had no banking relationship
            with Silicon Valley Bank. He would not be able to make payroll. Why? His payroll firm was a client of the
            bank, and the payroll funds froze. As Tony Dwyer, Canaccord Genuity’s Chief Market Strategist, said in
            a note to investors, “The risk is not in what you can see, it is in what you cannot see.”

            When it comes to securing your organization, how should you be thinking about risk right now? What are
            you not seeing? The first thing to understand is that risk extends far beyond the assets of your organization.

            Digital transformation drives growth. It also increases cyber risk. As your organization leverages third-
            party infrastructure and SaaS apps and becomes more connected, you also become more vulnerable.
            Their security is now your problem. You are in a similar position to that small business owner and his
            payroll vendor.


            Now is the time to get proactive about risk reduction. One of the most impactful things you can do to
            reduce risk is to reevaluate your extended attack surface. Here are three proactive things that you can
            do to frustrate threat actors and reduce risk facing your organization.

               •  Map external risks that put your organization in danger. Always be ready to answer the question:
                   what assets do we have out there, and what are they connected to or reliant on? Then, if any of
                   these create an attack path, block it.
               •  Unused and abandoned assets are an attack surface goldmine for cyber attackers. Often these
                   assets have access to sensitive systems and data. It is best practice to remove assets as soon
                   as possible when no longer used or necessary.
               •  Speaking of best practices, patching your infrastructure remains a missed opportunity. Unpatched
                   systems are also one of the simplest vulnerabilities to mitigate.

            We are all thinking about risk right now. For those responsible for cybersecurity, the challenges are many.
            With an understanding of your true extended attack surface, you can take these proactive steps to reduce
            risk.



            About the Author

            Marc Gaffan is CEO of IONIX, formerly Cyberpion, the leader in Attack Surface
            Management. With a focus on building and scaling companies, Marc has led
            startups to become industry leaders with thousands of worldwide customers. Marc
            has 20 years of cybersecurity experience, most notably founding Incapsula, growing
            the company to $100M ARR, and its acquisition by Imperva. Marc can be reached
            at https://www.linkedin.com/in/marc-gaffan/ or at our company website
            https://www.ionix.io.





