WEBVTT

1
00:00:00.000 --> 00:00:01.350
In this lesson,

2
00:00:01.350 --> 00:00:05.370
we will learn about the Organizational Attack Surface.

3
00:00:05.370 --> 00:00:08.370
The Organizational Attack Surface encompasses

4
00:00:08.370 --> 00:00:10.770
the vulnerabilities associated

5
00:00:10.770 --> 00:00:14.250
with an organization's external relationships

6
00:00:14.250 --> 00:00:17.760
and its public-facing digital footprint.

7
00:00:17.760 --> 00:00:21.120
Organizational attack surface concepts include

8
00:00:21.120 --> 00:00:25.560
the enumeration and discovery of third-party connections

9
00:00:25.560 --> 00:00:28.260
and the enumeration and discovery

10
00:00:28.260 --> 00:00:32.100
of an organization's public digital presence.

11
00:00:32.100 --> 00:00:35.820
The enumeration and discovery of third-party connections

12
00:00:35.820 --> 00:00:38.280
involves identifying and assessing

13
00:00:38.280 --> 00:00:41.340
all external entities that have access

14
00:00:41.340 --> 00:00:44.820
to the organization's systems or data.

15
00:00:44.820 --> 00:00:46.650
The enumeration and discovery

16
00:00:46.650 --> 00:00:50.250
of public digital presence focuses on mapping

17
00:00:50.250 --> 00:00:54.660
the organization's online assets, including websites,

18
00:00:54.660 --> 00:00:59.010
social media accounts, and publicly accessible systems

19
00:00:59.010 --> 00:01:03.240
to identify potential exposure points that could be targeted

20
00:01:03.240 --> 00:01:04.620
by an attacker.

21
00:01:04.620 --> 00:01:06.990
Let's learn more about the enumeration

22
00:01:06.990 --> 00:01:11.730
and discovery of third-party connections and the enumeration

23
00:01:11.730 --> 00:01:16.350
and discovery of an organization's public digital presence.

24
00:01:16.350 --> 00:01:18.750
First, the enumeration

25
00:01:18.750 --> 00:01:22.200
and discovery of third-party connections involves

26
00:01:22.200 --> 00:01:26.730
identifying all external entities such as vendors,

27
00:01:26.730 --> 00:01:30.090
partners, and service providers that have access

28
00:01:30.090 --> 00:01:33.690
to an organization's systems or data.

29
00:01:33.690 --> 00:01:37.350
These third-party connections extend an organization's

30
00:01:37.350 --> 00:01:41.370
attack surface by adding external points of access

31
00:01:41.370 --> 00:01:45.210
that if compromised could directly impact

32
00:01:45.210 --> 00:01:47.550
the organization's security.

33
00:01:47.550 --> 00:01:51.420
Identifying these connections allows an organization

34
00:01:51.420 --> 00:01:55.290
to assess the security posture of the third party.

35
00:01:55.290 --> 00:01:58.170
This is important because a third party's security

36
00:01:58.170 --> 00:02:01.920
practices may differ, and a breach in one

37
00:02:01.920 --> 00:02:05.730
of the third-party systems could grant attackers access

38
00:02:05.730 --> 00:02:09.480
to our organization's sensitive assets.

39
00:02:09.480 --> 00:02:13.500
So third-party connections present unique risks

40
00:02:13.500 --> 00:02:15.180
that must be managed.

41
00:02:15.180 --> 00:02:19.200
For instance, in the Target breach of 2013,

42
00:02:19.200 --> 00:02:21.570
attackers infiltrated the network

43
00:02:21.570 --> 00:02:25.680
by compromising a third-party HVAC vendor.

44
00:02:25.680 --> 00:02:29.760
The vendor had access to Target's network to manage heating

45
00:02:29.760 --> 00:02:31.260
and cooling systems,

46
00:02:31.260 --> 00:02:35.370
but once attackers had breached the vendor's systems,

47
00:02:35.370 --> 00:02:38.610
they used this connection to infiltrate Target's

48
00:02:38.610 --> 00:02:40.710
point-of-sale systems.

49
00:02:40.710 --> 00:02:43.350
This allowed attackers to steal millions

50
00:02:43.350 --> 00:02:45.600
of customers' credit card details

51
00:02:45.600 --> 00:02:47.490
and personal information

52
00:02:47.490 --> 00:02:51.780
as customers swiped their credit cards at Target stores.

53
00:02:51.780 --> 00:02:55.800
Third-party breaches like this are particularly challenging

54
00:02:55.800 --> 00:02:59.730
because they involve external parties, making monitoring

55
00:02:59.730 --> 00:03:02.970
and managing access much more complex,

56
00:03:02.970 --> 00:03:04.680
and highlighting the importance

57
00:03:04.680 --> 00:03:07.920
of securing third-party relationships.

58
00:03:07.920 --> 00:03:10.260
To mitigate the risks associated

59
00:03:10.260 --> 00:03:12.210
with third-party connections,

60
00:03:12.210 --> 00:03:16.020
organizations should regularly audit these relationships

61
00:03:16.020 --> 00:03:17.880
to confirm that each connection

62
00:03:17.880 --> 00:03:20.880
is still necessary and secure.

63
00:03:20.880 --> 00:03:22.800
Tools like vendor security

64
00:03:22.800 --> 00:03:27.270
and risk management software monitor vendor security levels

65
00:03:27.270 --> 00:03:30.090
and provide insights into vulnerabilities

66
00:03:30.090 --> 00:03:32.040
within these connections.

67
00:03:32.040 --> 00:03:35.490
Additionally, implementing network segmentation

68
00:03:35.490 --> 00:03:37.470
and zero trust principles

69
00:03:37.470 --> 00:03:41.580
for third-party access can limit the potential damage

70
00:03:41.580 --> 00:03:44.760
from a compromised connection while automated

71
00:03:44.760 --> 00:03:49.590
access revocation tools such as Okta Lifecycle Management

72
00:03:49.590 --> 00:03:53.190
or CyberArk can ensure timely termination

73
00:03:53.190 --> 00:03:57.450
of third-party access when it is no longer needed.

74
00:03:57.450 --> 00:04:01.080
Second, the enumeration and discovery

75
00:04:01.080 --> 00:04:04.590
of an organization's public digital presence

76
00:04:04.590 --> 00:04:08.520
involves identifying and mapping online assets

77
00:04:08.520 --> 00:04:11.700
like websites, social media profiles,

78
00:04:11.700 --> 00:04:14.490
and publicly accessible systems.

79
00:04:14.490 --> 00:04:18.090
This process helps the organization understand

80
00:04:18.090 --> 00:04:20.430
its external digital footprint

81
00:04:20.430 --> 00:04:23.130
and spot potential exposure points

82
00:04:23.130 --> 00:04:25.920
that attackers could take advantage of.

83
00:04:25.920 --> 00:04:29.520
A complete digital presence inventory ensures

84
00:04:29.520 --> 00:04:31.530
that the organization is aware

85
00:04:31.530 --> 00:04:35.190
of all publicly visible assets, allowing it

86
00:04:35.190 --> 00:04:40.170
to secure these points of exposure against cyber threats.

87
00:04:40.170 --> 00:04:44.220
An organization's public digital presence is highly relevant

88
00:04:44.220 --> 00:04:46.080
to enterprise security

89
00:04:46.080 --> 00:04:50.010
because it is the front line facing external threats.

90
00:04:50.010 --> 00:04:53.760
For example, a company may have several social media

91
00:04:53.760 --> 00:04:56.040
accounts and web applications,

92
00:04:56.040 --> 00:05:00.000
some of which might be outdated or misconfigured.

93
00:05:00.000 --> 00:05:04.200
These exposed assets are prime targets for attackers,

94
00:05:04.200 --> 00:05:08.850
who may try to exploit vulnerabilities in outdated software

95
00:05:08.850 --> 00:05:11.850
or take advantage of neglected accounts

96
00:05:11.850 --> 00:05:15.120
leading to brand damage, data theft,

97
00:05:15.120 --> 00:05:18.060
or unauthorized system access.

98
00:05:18.060 --> 00:05:22.680
So to protect an organization's public digital presence,

99
00:05:22.680 --> 00:05:25.320
regular digital asset inventories

100
00:05:25.320 --> 00:05:28.350
and security audits are essential.

101
00:05:28.350 --> 00:05:32.520
Additionally, tools such as Shodan and Censys

102
00:05:32.520 --> 00:05:34.710
can be used to scan the internet

103
00:05:34.710 --> 00:05:38.640
for publicly accessible devices and services,

104
00:05:38.640 --> 00:05:41.340
helping organizations to identify

105
00:05:41.340 --> 00:05:44.730
and manage their external assets.

106
00:05:44.730 --> 00:05:49.350
Next, setting up automated alerts for unauthorized use

107
00:05:49.350 --> 00:05:52.950
of brand names and keeping all online profiles

108
00:05:52.950 --> 00:05:56.310
and systems up to date can reduce the risk

109
00:05:56.310 --> 00:05:58.710
of external exploitation.

110
00:05:58.710 --> 00:06:02.280
Finally, conducting regular vulnerability scans

111
00:06:02.280 --> 00:06:06.780
and penetration tests on public-facing applications can help

112
00:06:06.780 --> 00:06:09.240
identify and patch vulnerabilities

113
00:06:09.240 --> 00:06:12.210
before attackers can exploit them.

114
00:06:12.210 --> 00:06:17.210
So remember, the organizational attack surface includes

115
00:06:17.430 --> 00:06:21.390
vulnerabilities linked to an organization's external

116
00:06:21.390 --> 00:06:25.170
partnerships and its online presence.

117
00:06:25.170 --> 00:06:28.980
Key areas of concern are third-party connections

118
00:06:28.980 --> 00:06:32.730
and the organization's public digital footprint.

119
00:06:32.730 --> 00:06:36.600
Third-party connections involve assessing all vendors,

120
00:06:36.600 --> 00:06:41.310
partners or service providers with access to company data

121
00:06:41.310 --> 00:06:45.420
or systems, as these connections can increase the attack

122
00:06:45.420 --> 00:06:48.270
surface if left unchecked.

123
00:06:48.270 --> 00:06:52.440
Next, the public digital presence includes websites,

124
00:06:52.440 --> 00:06:56.220
social media accounts, and other publicly accessible

125
00:06:56.220 --> 00:06:58.590
systems, which must be mapped

126
00:06:58.590 --> 00:07:02.730
to identify exposure points vulnerable to attack.

127
00:07:02.730 --> 00:07:06.360
In response, regular audits, security tools,

128
00:07:06.360 --> 00:07:10.680
and proactive monitoring help minimize the risks

129
00:07:10.680 --> 00:07:13.830
associated with both third-party connections

130
00:07:13.830 --> 00:07:16.233
and public digital assets.

