WEBVTT

1
00:00:00.090 --> 00:00:01.470
In this lesson,

2
00:00:01.470 --> 00:00:02.303
we will learn

3
00:00:02.303 --> 00:00:06.240
about the Organizational Change Attack Surface.

4
00:00:06.240 --> 00:00:09.060
The Organizational Change Attack Surface

5
00:00:09.060 --> 00:00:11.340
refers to vulnerabilities

6
00:00:11.340 --> 00:00:14.790
introduced during periods of transition.

7
00:00:14.790 --> 00:00:18.450
Organizational change attack surface concepts

8
00:00:18.450 --> 00:00:23.280
include staffing changes, mergers, acquisitions

9
00:00:23.280 --> 00:00:25.470
and divestitures.

10
00:00:25.470 --> 00:00:28.080
Staffing changes like the onboarding

11
00:00:28.080 --> 00:00:31.560
or offboarding of employees can lead to gaps

12
00:00:31.560 --> 00:00:36.120
in access control if accounts are not properly managed.

13
00:00:36.120 --> 00:00:38.610
Next, mergers and acquisitions

14
00:00:38.610 --> 00:00:42.270
involve the consolidation of companies or assets

15
00:00:42.270 --> 00:00:45.750
through various types of financial transactions

16
00:00:45.750 --> 00:00:50.490
where one company either merges with or acquires another.

17
00:00:50.490 --> 00:00:51.630
Conversely,

18
00:00:51.630 --> 00:00:55.620
a divestiture is the process of a company selling

19
00:00:55.620 --> 00:00:58.560
or separating a portion of its business,

20
00:00:58.560 --> 00:01:01.560
assets or subsidiaries.

21
00:01:01.560 --> 00:01:04.380
Let's learn more about staffing changes,

22
00:01:04.380 --> 00:01:08.910
mergers, acquisitions and divestitures.

23
00:01:08.910 --> 00:01:11.880
First, we have staffing changes.

24
00:01:11.880 --> 00:01:14.490
Staffing changes refer to the addition

25
00:01:14.490 --> 00:01:18.690
or departure of employees within an organization.

26
00:01:18.690 --> 00:01:20.670
During such transitions,

27
00:01:20.670 --> 00:01:23.160
there are inherent security risks,

28
00:01:23.160 --> 00:01:26.040
particularly around account management.

29
00:01:26.040 --> 00:01:29.430
Without careful management, departing employees

30
00:01:29.430 --> 00:01:31.860
may leave behind orphaned accounts

31
00:01:31.860 --> 00:01:33.870
that retain system access

32
00:01:33.870 --> 00:01:37.800
or new employees may receive excessive permissions

33
00:01:37.800 --> 00:01:40.740
that allow them to access sensitive data

34
00:01:40.740 --> 00:01:42.870
they don't need for their role.

35
00:01:42.870 --> 00:01:45.270
This can create security gaps

36
00:01:45.270 --> 00:01:48.450
as unmonitored or misconfigured accounts

37
00:01:48.450 --> 00:01:50.820
are prime targets for attackers

38
00:01:50.820 --> 00:01:54.840
who would like to exploit them for unauthorized access.

39
00:01:54.840 --> 00:01:56.580
In enterprise networks,

40
00:01:56.580 --> 00:01:59.580
staffing changes are particularly relevant,

41
00:01:59.580 --> 00:02:03.600
because each transition could disrupt access control

42
00:02:03.600 --> 00:02:05.520
and data integrity.

43
00:02:05.520 --> 00:02:06.750
For example,

44
00:02:06.750 --> 00:02:08.850
if an employee leaves the company

45
00:02:08.850 --> 00:02:11.040
but their accounts remain active,

46
00:02:11.040 --> 00:02:15.390
these orphaned accounts could be used by a malicious actor

47
00:02:15.390 --> 00:02:19.830
to gain access to sensitive resources undetected.

48
00:02:19.830 --> 00:02:23.460
So, to mitigate risks from staffing changes,

49
00:02:23.460 --> 00:02:26.820
organizations should implement automated identity

50
00:02:26.820 --> 00:02:29.010
and access management solutions,

51
00:02:29.010 --> 00:02:32.700
like Okta or Azure Active Directory.

52
00:02:32.700 --> 00:02:34.050
With these tools,

53
00:02:34.050 --> 00:02:37.230
an organization can streamline their onboarding

54
00:02:37.230 --> 00:02:42.090
or offboarding process, enforce access control policies,

55
00:02:42.090 --> 00:02:46.080
and quickly deactivate accounts when employees leave,

56
00:02:46.080 --> 00:02:49.920
reducing the chance of unauthorized access.

57
00:02:49.920 --> 00:02:52.500
Second, we have mergers.

58
00:02:52.500 --> 00:02:55.770
Mergers involve the integration of two companies

59
00:02:55.770 --> 00:02:57.780
into a single entity,

60
00:02:57.780 --> 00:03:01.740
combining their networks, systems and data.

61
00:03:01.740 --> 00:03:05.160
This integration introduces security risks

62
00:03:05.160 --> 00:03:07.320
as different security protocols

63
00:03:07.320 --> 00:03:10.200
and practices must be aligned

64
00:03:10.200 --> 00:03:14.070
and systems must be evaluated for vulnerabilities

65
00:03:14.070 --> 00:03:17.580
that could compromise the newly formed network.

66
00:03:17.580 --> 00:03:18.930
During mergers,

67
00:03:18.930 --> 00:03:22.080
the rush to connect and consolidate systems

68
00:03:22.080 --> 00:03:24.570
can sometimes lead to oversight,

69
00:03:24.570 --> 00:03:28.320
leaving previously secure resources vulnerable.

70
00:03:28.320 --> 00:03:31.440
Mergers are relevant to enterprise networks,

71
00:03:31.440 --> 00:03:33.600
because combining infrastructures

72
00:03:33.600 --> 00:03:36.360
without thorough security alignment

73
00:03:36.360 --> 00:03:41.220
can result in unauthorized access to sensitive data.

74
00:03:41.220 --> 00:03:44.520
For instance, if a newly merged company

75
00:03:44.520 --> 00:03:47.640
doesn't properly manage access controls,

76
00:03:47.640 --> 00:03:52.260
employees from one company may inadvertently gain access

77
00:03:52.260 --> 00:03:55.920
to confidential resources from the other.

78
00:03:55.920 --> 00:03:58.860
So, to mitigate these risks,

79
00:03:58.860 --> 00:04:03.420
organizations should perform a comprehensive security audit

80
00:04:03.420 --> 00:04:06.690
and implement network segmentation controls,

81
00:04:06.690 --> 00:04:09.780
like Cisco's Identity Services Engine

82
00:04:09.780 --> 00:04:14.430
or firewalls to control access during the merger.

83
00:04:14.430 --> 00:04:16.590
Additionally, merging companies

84
00:04:16.590 --> 00:04:20.220
should also use security information and event management

85
00:04:20.220 --> 00:04:25.220
or SIEM tools to monitor for abnormal activity in real time,

86
00:04:25.860 --> 00:04:29.250
looking for unusual login locations,

87
00:04:29.250 --> 00:04:32.730
access attempts outside of normal working hours,

88
00:04:32.730 --> 00:04:37.080
excessive data transfers and any access to systems

89
00:04:37.080 --> 00:04:40.710
or data by users who typically wouldn't need it.

90
00:04:40.710 --> 00:04:43.890
Third, we have acquisitions.

91
00:04:43.890 --> 00:04:46.740
Acquisitions involve one organization

92
00:04:46.740 --> 00:04:48.870
taking control of another,

93
00:04:48.870 --> 00:04:52.290
often requiring the integration of systems,

94
00:04:52.290 --> 00:04:54.840
data and processes.

95
00:04:54.840 --> 00:04:58.920
Like mergers, acquisitions present security risks

96
00:04:58.920 --> 00:05:02.160
as the acquired organization's infrastructure

97
00:05:02.160 --> 00:05:05.580
may have vulnerabilities or misconfigurations

98
00:05:05.580 --> 00:05:07.470
that attackers could exploit

99
00:05:07.470 --> 00:05:10.110
once the systems are integrated.

100
00:05:10.110 --> 00:05:11.970
These risks are heightened

101
00:05:11.970 --> 00:05:15.330
if the acquired company's security standards differ

102
00:05:15.330 --> 00:05:18.270
from those of the acquiring organization,

103
00:05:18.270 --> 00:05:22.536
which can create gaps in the combined network's defense.

104
00:05:22.536 --> 00:05:27.420
Enterprise networks face unique challenges in acquisitions,

105
00:05:27.420 --> 00:05:30.030
because integrating systems quickly

106
00:05:30.030 --> 00:05:34.560
can make it easy to overlook access control discrepancies.

107
00:05:34.560 --> 00:05:37.620
For example, an acquired company's network

108
00:05:37.620 --> 00:05:42.240
may include outdated services that were previously internal,

109
00:05:42.240 --> 00:05:44.670
but now expose the entire network

110
00:05:44.670 --> 00:05:46.980
to potential vulnerabilities.

111
00:05:46.980 --> 00:05:49.650
So, to reduce these risks,

112
00:05:49.650 --> 00:05:51.360
the acquiring organization

113
00:05:51.360 --> 00:05:54.030
should conduct a security assessment

114
00:05:54.030 --> 00:05:56.040
of the acquired systems,

115
00:05:56.040 --> 00:05:59.900
maybe using tools like Rapid7 or Nessus

116
00:05:59.900 --> 00:06:04.770
to scan for vulnerabilities before completing the merger.

117
00:06:04.770 --> 00:06:08.220
Additionally, oncoming access controls

118
00:06:08.220 --> 00:06:10.860
should be carefully reviewed and adjusted

119
00:06:10.860 --> 00:06:13.800
using identity and access management tools

120
00:06:13.800 --> 00:06:16.740
to ensure only necessary personnel

121
00:06:16.740 --> 00:06:21.740
have access to the acquired systems in the merged network.

122
00:06:21.870 --> 00:06:25.560
Fourth and last, we have divestitures.

123
00:06:25.560 --> 00:06:28.320
Divestitures involve a company selling

124
00:06:28.320 --> 00:06:31.890
or separating a portion of its business, assets

125
00:06:31.890 --> 00:06:33.600
or subsidiaries,

126
00:06:33.600 --> 00:06:37.260
which can introduce vulnerabilities as data

127
00:06:37.260 --> 00:06:39.870
and resources are divided.

128
00:06:39.870 --> 00:06:44.340
This separation process can expose sensitive data

129
00:06:44.340 --> 00:06:48.210
or leave IT assets insufficiently protected

130
00:06:48.210 --> 00:06:52.380
if security controls aren't carefully maintained

131
00:06:52.380 --> 00:06:56.130
and resources aren't decommissioned properly.

132
00:06:56.130 --> 00:06:59.430
Divestitures require extensive planning

133
00:06:59.430 --> 00:07:01.380
to avoid data leakage

134
00:07:01.380 --> 00:07:04.350
and ensure that separated resources

135
00:07:04.350 --> 00:07:08.040
are securely transferred or disposed of.

136
00:07:08.040 --> 00:07:12.180
In an enterprise network, divestitures are relevant,

137
00:07:12.180 --> 00:07:15.420
because systems that were previously integrated

138
00:07:15.420 --> 00:07:20.310
must now be disentangled without compromising security.

139
00:07:20.310 --> 00:07:21.690
For example,

140
00:07:21.690 --> 00:07:23.610
if an organization fails

141
00:07:23.610 --> 00:07:26.700
to properly decommission shared servers

142
00:07:26.700 --> 00:07:28.710
during a divestiture,

143
00:07:28.710 --> 00:07:31.620
the separated entity may still have access

144
00:07:31.620 --> 00:07:33.450
to sensitive data.

145
00:07:33.450 --> 00:07:36.060
So, to mitigate these risks,

146
00:07:36.060 --> 00:07:40.260
organizations should use data loss prevention tools

147
00:07:40.260 --> 00:07:43.320
like Symantec Data Loss Prevention,

148
00:07:43.320 --> 00:07:45.990
or McAfee Total Protection

149
00:07:45.990 --> 00:07:50.990
to monitor data transfers and prevent unauthorized access.

150
00:07:51.240 --> 00:07:52.110
Additionally,

151
00:07:52.110 --> 00:07:56.550
IT teams should perform a security audit

152
00:07:56.550 --> 00:08:01.080
to confirm that all shared resources have been reconfigured

153
00:08:01.080 --> 00:08:03.390
or decommissioned appropriately,

154
00:08:03.390 --> 00:08:07.620
ensuring data integrity post-divestiture.

155
00:08:07.620 --> 00:08:09.870
So remember,

156
00:08:09.870 --> 00:08:12.840
the organizational change attack surface

157
00:08:12.840 --> 00:08:15.630
refers to security vulnerabilities

158
00:08:15.630 --> 00:08:18.330
that emerge during times of transition,

159
00:08:18.330 --> 00:08:22.740
such as staffing changes, mergers, acquisitions

160
00:08:22.740 --> 00:08:24.540
and divestitures.

161
00:08:24.540 --> 00:08:27.420
Staffing changes can create risks

162
00:08:27.420 --> 00:08:31.080
when employee accounts are not properly managed,

163
00:08:31.080 --> 00:08:34.200
leaving gaps in access control.

164
00:08:34.200 --> 00:08:38.160
Mergers involve integrating two companies' networks

165
00:08:38.160 --> 00:08:40.590
and systems into one,

166
00:08:40.590 --> 00:08:42.930
often creating vulnerabilities

167
00:08:42.930 --> 00:08:46.080
if security practices aren't aligned.

168
00:08:46.080 --> 00:08:50.820
Acquisitions where one organization takes control of another

169
00:08:50.820 --> 00:08:55.170
introduce similar risks as differing security standards

170
00:08:55.170 --> 00:08:58.860
and configurations in the acquired network

171
00:08:58.860 --> 00:09:01.320
may expose vulnerabilities.

172
00:09:01.320 --> 00:09:05.040
Finally, divestitures where a company separates

173
00:09:05.040 --> 00:09:09.570
or sells part of its business can expose sensitive data

174
00:09:09.570 --> 00:09:13.950
if assets are not secured or decommissioned properly.

175
00:09:13.950 --> 00:09:17.520
Each of these transitions demands careful planning

176
00:09:17.520 --> 00:09:21.510
and security measures to protect data integrity

177
00:09:21.510 --> 00:09:25.470
and minimize exposure to unauthorized access.

178
00:09:25.470 --> 00:09:29.010
By using tools like Identity and Access Management

179
00:09:29.010 --> 00:09:33.780
or IAM systems, security information and event management

180
00:09:33.780 --> 00:09:38.780
or SIEM platforms, and Data Loss Prevention or DLP,

181
00:09:39.090 --> 00:09:42.330
organizations can better secure their network

182
00:09:42.330 --> 00:09:47.043
during these significant operational change times.

