Remember the movie where the girl who is home alone is getting increasingly threatening phone calls (mixed with movie trivia), and we then realize that the Threat Actor is ultimately calling from inside the house? Though much more plausible now with the ubiquity of mobile phones, the idea that the danger is already inside is what makes that particular premise chilling, and it isn’t too far from cyber reality.
October isn’t just the height of Spooky Season; it’s also Cybersecurity Awareness Month. So today, we’re sharing a lesson from one of our favorite urban legends / scary movies and an often-forgotten aspect of cybersecurity – Compromise Assessments, or, as we like to call it, how to determine if the call is coming from inside the house.
Aren’t we supposed to keep threat actors out?
Absolutely. The broad understanding most people have of cybersecurity is that it means keeping the bad guys out. Even the Cybersecurity and Infrastructure Security Agency (CISA) defines cybersecurity as “the art of protecting networks, devices, and data from unauthorized access or criminal use.” Arguably this is the overarching goal for security-minded organizations. Still, it neglects the possibility of threat actors already having a way into the organization’s infrastructure, which is more common than many realize.
Let’s take a step back.
Whether building new cybersecurity infrastructure or reviewing the effectiveness of existing systems, it’s important to remember that even though your efforts are to develop secure walls around your cyber-house, technology connections to the outside world exist, and likely have for many years. As a result, the potential for threat actors to have taken up residence or at least built a point of entry is more than plausible. Spoiler Alert: this is also why third-party vendor security assessments are an important element of a comprehensive program.
For many years threat actors targeted industries with large amounts of personal data, such as financial services or healthcare-related companies. Now, because supply and demand applies even to threat actors and so much personal information is so widely available, they have switched to new, more lucrative targets – manufacturers and public entities. These industries are increasingly reliant on a host of technologies to function and are willing to pay to get back online quickly in the event of a breach. Because financial services and healthcare organizations have been under the cybersecurity microscope longer, their security programs tend to be more mature. Across other industries, IT teams are making strides to develop or tweak their security programs to keep threat actors out.
Starting or enhancing a security program in our connected world isn’t as easy as building a fence around your proverbial house. First, you need to understand the reality of your current environment. This is where a Compromise Assessment comes in.
To Assess or to PenTest, that is the question.
As organizations look to shore up their cybersecurity vulnerabilities or take a proactive approach to security, the first step is typically a Penetration Test to determine if a bad actor can get in. But, according to JT Gaietto, Digital Silence’s Chief Security Officer, that may not be the best starting point: “If you haven’t spent time building a comprehensive program, odds are we’re going to compromise you. That doesn’t tell you how to make things better; it doesn’t tell you if something has already happened.”
In terms of securing your cyber-house, a Pen Test is akin to turning the knob on the front door and checking to see if windows are unlocked as potential entry points. It doesn’t tell you if someone has used a window to get in the house, and it doesn’t tell you how to lock the windows. Without these pivotal pieces of information, it can be challenging for IT teams to appropriately set priorities in balance with all their organizational responsibilities. A Compromise Assessment is a full house sweep that not only shows who may be lurking in the system, as well as identifying several insider threats, but also explains how to remediate any concerns.
How does it work?
A Compromise Assessment is relatively straightforward when working with a cybersecurity partner like Digital Silence. First, our experienced team sits down with you to understand your digital ecosystem and expectations for the project. Then we deploy a monitoring tool for a pre-determined time, usually 30-60 days, to observe activity in your network. During the observation period, we look for bad behaviors, odd connections, or anything that just seems a little off. After the monitoring period, we provide a report explaining the activities we observed and what we recommend to better secure your environment.
What are the benefits of a Compromise Assessment?
In-house IT teams face numerous challenges: competing initiatives, limited budgets, and limited resources. Having an external partner step in for a compromise assessment can help in several ways.
First, it’s a nearly turn-key solution, with most of the effort happening without significant impact on other IT projects.
Second, in addition to identifying outside threat actors that have created a door into your infrastructure, a Compromise Assessment can also identify opportunities to tidy up digital hygiene or discover under-utilization of Admin tools.
Partnering with a cybersecurity firm also helps your team focus on the most critical items in the assessment rather than having to review each individual alert. This sometimes means taking 1,000+ potential alerts and distilling them down to a dozen for the in-house team to review. That noise reduction alone saves you hours of valuable time.
As we mentioned, the resulting report helps in-house teams identify the most critical aspects of the current security system to address without the burden of the investigative process. In addition, depending on the partner you choose, you may also receive benchmark reporting that helps you understand where your security ranks among like organizations.
The goal of a Compromise Assessment is to be proactive, but sometimes this proactive approach becomes more defensive than planned. The team can pivot to Incident Response and remediation if we recognize a threat actor in the system. Compromise Assessment can also be the jumping-off point for long-term efforts. Organizations can keep the software running for continuous monitoring, alerting you to a potential threat before it becomes a problem.
It’s no surprise that, looking at a Compromise Assessment’s cost/benefit analysis, we find it a worthwhile investment in an organization’s cybersecurity. The results of a Compromise Assessment can identify potential threats, saving significant costs from ransomware or data breaches; help in-house IT teams make targeted, informed decisions on priorities; and even help in the cybersecurity renewal process or reduce the insurance cost.
Whether you’re just starting out in your cybersecurity strategy or looking to enhance your current efforts, consider looking inside your house before you start building walls to keep bad actors out. Because when the phone rings with a security incident, the caller is inside the house, and they have likely been lurking for longer than you think.