AWS Public Sector Blog
The Five Ways Organizations Initially Get Compromised and Tools to Protect Yourself
A guest post by Tim Rains, EMEA Regional Leader Security & Compliance, Amazon Web Services
Over the years, many organizations’ on-premises IT infrastructure have been compromised. Often times, organizations are left defending infrastructure, data, and people without understanding who is attacking them and why.
But the silver lining is that attackers often use the same tactics to try to initially compromise their targets. Knowing the ways that attackers try to get a foothold in your environment can help you defend it better.
The five ways organizations initially get compromised are:
- Unpatched vulnerabilities
- Security misconfigurations
- Weak, leaked, stolen passwords
- Social engineering
- Insider threats
Unpatched vulnerabilities
Vulnerabilities are weaknesses in software and systems that, if left unaddressed, attackers can exploit to compromise the confidentiality, integrity, or availability of systems and data. Attackers look for vulnerabilities or combinations of vulnerabilities that allow them to take full control of systems, which might allow them to get further inside an organization’s IT infrastructure. A well-managed vulnerability management program can be effective at preventing attackers from discovering and exploiting vulnerabilities in your infrastructure.
AWS provides several tools that can help make vulnerability management programs successful, including Amazon Inspector and AWS Systems Manager Patch Manager. The AWS Marketplace also has several third-party vulnerability management tools.
Security misconfigurations
Like security vulnerabilities, systems that have been misconfigured sometimes enable attackers to compromise those systems. A well-managed vulnerability management program can mitigate this threat. By investing in a vulnerability management program, you get a “two for one,” as it will help address vulnerabilities and security misconfigurations. Amazon Inspector and AWS Systems Manager Patch Manager, as well as AWS partner offerings in the AWS Marketplace, can help find and address security misconfigurations.
Weak, leaked, stolen passwords
Passwords are currency to bad guys. Once a password is leaked or stolen, the bad guys will sell it or trade it for other things they value. Massive lists of leaked and stolen passwords are sold on the Internet.
Using weak passwords that can be easily guessed make it easy for attackers to compromise an organization. Equally risky is using the same password on multiple systems. When the bad guys get leaked or stolen credentials, they immediately try to login to online banks, e-commerce sites, and social media sites.
AWS offers tools like Multi-Factor Authentication (MFA), rich password policy capabilities, and detailed guidance to help effectively manage passwords.
Social engineering
Attackers rely heavily on their ability to trick people into making poor trust decisions. The tricks include phishing emails, malicious email attachments, malware, malicious websites, and even phone calls from fake technical support or law enforcement organizations.
The ways organizations protect themselves from social engineering can be equally varied. Using email filtering services, URL filtering on proxy servers and firewalls, anti-virus software on endpoints and email services, and the vulnerability management program can all help blunt social engineering attacks. Perhaps the most effective mitigation is educating information workers on social engineering so they can recognize attackers’ tricks when they see them.
The key to social engineering is to develop detection capabilities that help the organization detect a compromise as quickly as possible and reduce response time. AWS provides a level of visibility and control that can’t be accomplished in on-premises IT environments. Amazon GuardDuty can help dramatically reduce the amount of time it takes to detect a compromise.
Insider threats
People that have trusted access to an organization’s assets can also be a threat to the organization. For example, people can make mistakes that have security consequences, like unintentionally misconfiguring a system or clicking on a malicious link in an email. Another type of insider threat is the very small percentage of people with privileged access to an organization’s resources that decide to abuse that privilege.
AWS provides tools and capabilities that can help identify when insiders make mistakes or misbehave. For example, Amazon GuardDuty can help detect indicators of compromise. Another example is AWS CloudTrail, which records all the API activity that happens within AWS accounts. This information can be analyzed in different ways, including using an organization’s Security Information and Event Management (SIEM) system, to identify indicators of compromise.
Getting Good at the Fundamentals
These five ways that organizations get compromised can also be seen as the “cybersecurity fundamentals.” Organizations that get good at the cybersecurity fundamentals make it much harder for attackers to be successful. Focusing on the fundamentals will pay the highest security returns to your organization.
AWS can help your organization address the cybersecurity fundamentals and to build more advanced cybersecurity capabilities. One good place to start is by checking out the portfolio of security, identity and compliance products that AWS offers.