CYE Insights

The Shocking Blind Spots Most CISOs Have in Their Networks

April 4, 2021

Don’t let what you don’t know haunt you

Most CISOs are aware that it is exactly what they don’t know that will come to haunt them. They spend countless hours and sleepless nights trying to keep their networks safe. Yet, the Internet of Things (IoT) is growing at an unprecedented rate. In fact, according to IDC, by 2025, there will be 41.6 billion “things”, or IoT devices, connected to the internet.

Currently, an average home contains ten or more connected devices, from smart TVs to water heaters to internet infrastructure devices (e.g. routers, access points and repeaters). With so many devices, it is difficult to monitor which are exposed to the internet, how secure they are, and which contain vulnerabilities that could potentially put the entire network at risk.

When looking at companies and enterprises, rather than residential homes, the problem increases dramatically. Not only do employees have their own computers and BYOD devices, but the network infrastructure is significantly larger than that of a home network. Enterprises and companies are at greater risk because they have communication infrastructures that, if breached, can disclose extremely sensitive information. Others have industrial control systems that, if compromised, can shut down the company and cause millions of dollars in damages. The security risk increases even further as more and more infrastructures move to the cloud.

Are your connected devices putting your business in jeopardy?

While some businesses have deployed Network Access Control (NAC) solutions, which enable admins to implement policies that allow them to manage the users who can access corporate infrastructure, there are still plenty of blind spots.

According to research conducted by CYE, individuals and companies alike connect unimaginable “things” to the internet, from smart landline phones to conference call centers to smart cameras. Some even write their credentials on login screens. This seemingly innocent oversight may provide individuals and bad actors from around the world with access to highly sensitive and confidential information.

The research also indicated that industrial companies have control systems (also known as SCADA systems) and web-based administrative interfaces that control multiple devices, including water pumps, agriculture watering systems and even administrative interfaces of incinerators, thus opening them up to serious vulnerabilities if they are not properly protected.

The challenges increase even further with the rise in “smart” cities, artificial intelligence (such as Siri and other virtual assistants), 5G networks, and autonomous vehicles. Ensuring that businesses are not accidentally exposed is not a job for man or machine alone, but for both. In order to protect themselves, businesses should apply both continuous automated scanning solutions and hands-on penetration tests to minimize their attack surfaces and data leaks.

That’s why CYE’s flagship product, Hyver, uses advanced algorithms and graph modeling to mimic the adversarial behavior of hackers and explore the latest methods and attacks in order to detect gaps and vulnerabilities in the enterprise’s attack surface. In addition, CYE’s cyber experts perform real, non-simulated attacks, thereby providing a comprehensive cybersecurity assessment, covering the entire organization, as well as third-party vendors.

Hyver accurately predicts possible attack routes, giving customers the ability to prevent leaks and cyber attacks before they are exploited, as well as the knowledge of where resources need to be invested.

Ultimately, Hyver enables companies to reduce risks, while helping CISOs put their minds at ease.

By Gil Cohen

Research Director & Application Security SME