A new cloud security ops goal for 2023? Start thinking like an attacker.
If you’ve never thought about what it would be like to try to break-and-enter into your own organization’s cloud infrastructure – like really, truly thought about it – we’re here to say that it might not be a bad idea.
For example, which specific assets would you look at first? Which ones are your most weakly protected? Do you even know about all of the assets out there tied to your organization?
Of course, the point of thinking like an attacker isn’t to cause harm. It’s to gain an outside-in perspective on your security posture, and in turn, learn where you need to bolster your defense. It’s a way to be proactive about potential threats vs. reactive, and when you do that, you minimize the chance of an actual threat occurring. (And avoid that “it-doesn’t-get-worse-than-this” feeling when you have to tell your CISO that your company’s just been breached.)
But if you’re not convinced, here are three reasons to try a think-like-an-attacker approach in the New Year. And if you’re interested in learning more, download a copy of our latest ebook for cloud security teams.
Reason #1: Protecting the cloud is inherently a little more complex.
As more assets move from fixed IP addresses to the ephemeral cloud, it’s increasingly challenging for security teams to manage and inventory what they own. Whereas server infrastructure was once protected behind a network perimeter or firewall, organizations now have hundreds to thousands of cloud accounts, each of which can have internet-facing points of entry. Then there are all of the cloud accounts that were spun up or never decommissioned by rogue (but likely well-meaning) employees who acted without IT’s knowledge.
In fact, 43% of all assets in Censys customer attack surfaces were initially unknown to the organization. That’s a lot of attack surface left unprotected.
Reason #2: Attackers are becoming more sophisticated; your security efforts should be, too.
When it comes to proverbial breaking and entering, attackers are savvier than ever (i.e. social engineering, sophisticated credential hacking). The pace of their breaches is also increasing. According to Forbes, the average number of cyberattacks and data breaches increased 15% between 2020 and 2021. We also know consequential outcomes like customer data loss, reputation damage, and monetary loss are already keeping security leaders up at night (Paradoxes, Inc.). Yet, the majority of surveyed CISOs (76%) say their cloud security strategy still isn’t measuring up (Paradoxes, Inc.). As a security pro, your CISO is likely looking to you to help bridge this gap and make sound recommendations for getting cloud strategy up to speed.
Reason #3: Traditional, reactive security tactics can fall short.
Many cloud security tools like Cloud Security Posture Management and Cloud Security Asset Brokers do a fair job of monitoring assets that are already known to organizations. But when it comes to identifying and monitoring the ones the organization doesn’t don’t know about, they can fall short. And these overlooked assets are the ideal starting points for attackers. A study from Enterprise Strategy Group found that 69% of organizations have experienced at least one cyberattack that started by exploiting an unknown, unmanaged, or poorly managed internet-facing asset.
Attack surface management solutions, however, provide full, ongoing visibility into the entirety of your cloud assets – including those you weren’t previously aware of. That’s of course where we at Censys come in. You can learn all about how Attack Surface Management helps you protect your cloud here.
In short, protecting your cloud environment is simply too important to leave to traditional, reactive approaches. Adopting a more proactive mindset, by “thinking like an attacker” (and leveraging tools like attack surface management), can help you defend your cloud with confidence (and help your CISO sleep a little easier at night).
Read the Ebook