Reports showed that there has been an increase in ransomware events in the past year. Verizon’s 2022 Data Breach Investigations Report saw an increase of 25% in overall attacks in 2021. Cyber security events are more debilitating for organizations today that operate on a highly interconnected capacity, resulting in broader attack surface, making cyber resiliency even more urgent.

The State of Cyber Security Today

In the last few years, organizations underwent a digital transformation that resulted in extremely interconnected apps, clouds, services, workloads, users, and devices operating in multi-cloud and hybrid environments. While this transformation contributed to convenience for end users, it has made organizations and enterprises more vulnerable to cyberattacks.

With the plethora of apps and databases and digital services that a singular enterprise employs today, cyber security leaders must oversee and control a wider breadth of vulnerable surface to avoid attacks. However, it is not just the attack surface that they need to oversee. They must also be aware of the beneath-the-surface relationships between applications. Due to their interconnectedness, a successful cyberattack on one asset could compromise others, if not the whole system. Enterprises must, then, find a way to minimize vulnerabilities such that the rest of the system can operate safely even after an asset has been compromised.

Attack Surface Management

A solution to the increased vulnerability due to wider attack surfaces is attack surface management. This new cyber security strategy involves mapping relationships within the business systems, automating the discovery of security coverage gaps, therefore allowing organizations to mitigate risk. With attack surface management, organizations can implement preventative policies and plans that protect the system as a whole and minimize tendencies to overlook some vulnerabilities.

Here are some steps enterprises can take to start implementing attack surface management:

Evaluate new vendors carefully, ensuring that they have secure third-party integrations and exposed interfaces.

Implement reporting standards. Take full advantage of CISO standards to map out new assets, vulnerabilities, tickets they addressed and attacks foiled, and the attack surfaces associated with critical business functions.

Emphasize the need for transparency in app creation, third-party access, and identity management.

Keeping Up With Ever-changing Tides

Protecting and managing your attack surface is crucial in today’s cyber security climate. Enterprises can protect their increasingly interconnected systems with passwordless authentication. Nok Nok Inc’s passwordless authentication systems integrates well with attack surface management strategies. This system enables users to sign in across platforms and apps securely without the need for passwords, which are so easy to steal. Our passwordless authentication protects entire cyber ecosystems from attacks. These are supplemented by multifactor authentication so that even if a password is compromised, other assets remain safe. Learn more about Nok Nok Inc’s products here.

Remote work is the present. Over 97% of workers prefer working remotely, and more employers are starting to embrace remote work. However, for cyber security leaders, remote work means more cyber security risks. Traditionally, IT professionals relied on VPNs to safely give employees access to company data and apps. However, VPNs are no longer suitable for the modern hybrid workplace. The key? Password free, zero-trust security.

Why VPNs Are No Longer Enough

Virtual private networks or VPNs were once the height of privacy and security over the Internet. The encrypted connection protects organizations’ networks while allowing employees to exchange information digitally through trusted computers. However, with the rise of remote work and the practice of “bring your own device” or BYOD, VPNs have become an easy target for hackers.

With employees bringing their own devices to work, IT administrators can no longer monitor how safe the devices are. So, when a compromised device or credential gets access to a VPN network, the entire network becomes compromised as well. Sometimes, it takes years for IT administrators to notice that their network has been compromised, meaning that their data (and that of their clients) are leaked continuously for years.

Apart from that, VPNs simply no longer fit the modern workplace set up. Keeping a VPN network has become costly and time-consuming, resulting in poor user experience. It is costly for IT administrators to check and ensure that each device can be trusted. For organizations with remote workers in different geographical areas, they will need to establish additional VPN servers in these employees’ locations.

A Modern Solution: Zero-Trust Approach

A zero-trust security model removes trust on all devices, and requires all users inside or outside the network to be authenticated, authorized, and validated before being granted any access to the organization’s data. This minimizes instances of misuse and compromised credentials.

This type of security framework turns a decentralized IT network into an advantage. By requiring continuous vetting for every attempt to access the network, zero-trust is able to limit the access of a hacker, and, therefore, the impact of a data breach. IT administrators will also be able to detect a breach right away and respond right away.

Password Free Approach To Security

The zero-trust approach is best implemented with password free authentication. KBA-based authentication tends to be burdensome to the users and easy targets to hackers. By replacing passwords with key-based authentication, organizations enjoy 99.5% sign-in success rates, 78% sign-in speed increases, and increased security overall across employee and customer logins.

Check out Nok Nok products to learn more about how password free authentication fits your organization.

After a slew of cyber security attacks since late 2021 on top US companies and federal agencies, the House Appropriations has made the critical decision to fund additional cyber security initiatives. Data breaches and theft are a serious problem that has plagued organizations and individuals alike, especially government institutions. This move is a potentially transformational step for the US that will enable them to advance private and public security technologies.

$15 Billion Allotment For Cyber Security

House Appropriations marked $15 billion for cyber security spending for the fiscal year 2023. These investments came as a response to President Biden’s executive order urging federal agencies to improve security standards. The executive order focuses on improving information sharing between government agencies and private sector companies and urging agencies to adopt a zero-trust policy that includes the FIDO Alliance specification, in addition to boosting preventative measures.

CISA or Cybersecurity and Infrastructure Security Agency, a civilian organization, received $2.9 billion, $417 million more than the amount requested by the Biden administration. This investment is bound to supplement key services that CISA provides to other federal agencies under the National Cybersecurity Protection System. Key services include continuous diagnostics and mitigation, endpoint detection, FIDO Webauthn and so on.

The House Appropriations has allotted $11.2 billion for the Defense Department, which comes with a request to study ways to collaborate more with CISA. Lawmakers asked the department to support CISA with responding to intrusions from Russia and China.

Other departments were also awarded funding aimed to help them improve their security capabilities, to support research and engineering, and even recruit and train future cyber security professionals (in the case of the National Science Foundation).

The different agencies awarded additional funding each have cyber security departments tasked with protecting them from security attacks. The additional funding allotted by the House Appropriations would empower these agencies. Strengthening the agencies’ cyber security capabilities would serve as the building blocks that would ultimately fortify the security of the nation.

Stronger Defenses For The Nation

As technology development continues to progress, cybercrime technology also evolves, making the need for modern cyber security to also evolve at a much faster rate. These risks and threats are becoming more and more complex, which is why Nok Nok Inc, along with the global FIDO Alliance, continues to push for safer cyber security measures to protect end-users. Our passwordless authentication through FIDO-based biometric authentication methods is a crucial step toward stronger security for organizations. Learn more about Nok Nok’s products here.