Published: 31 March 2016
By Andy Harris
Recently we came across this research from the World Economic Forum. We've reworked the data to show the risks in terms of both impact and probability, along with the trends:
We've faded down all the non-technical risks and shown the top-right quadrant. To some this obviously shows that cyber attacks should be the board's primary concern; to us it shows that the risk is very high, very probable and set to get worse.
That single blob representing cyber attacks is great for 'board based fear factor', but it doesn't help the teams that have to deal with security (apart from easier budget justifications). Those teams need the detail: what are the attack vectors? Which attacks are succeeding, and how are they blocked?
SIEM solutions can generate a lot of noise, especially when left static. They may be optimised to alert on particular types of attack, but as these attacks change, the real data can be lost in the noise. Of course, this is just the progression of 'log all the things', 'patch all your servers' and 'keep up to date'.
At Osirium we propose an additional strategy: 'reduce your attack surface'. You'll notice from the Killchain diagram that all attacks have to go through the escalate privileges stage. 99.9% of attacks do so by gaining access to or control of Privileged Accounts. That's where Osirium helps. It separates people from passwords (PUM), and with its task scheme (PTM) many people will never need access to a Privileged Account. Since the biggest attack vectors are the vulnerabilities of users' workstations and the phishability of the users themselves, we'd say that Osirium is a major contribution to Cyber Safety.