The typical company, large or small, depends on a number of different enterprise applications in order to ensure that employees can complete critical, daily tasks. Apps like those for enterprise resource planning, customer relationship management, screen and file sharing have become commonplace in corporate settings – doing things any other way is archaic, at this point.
However, these key applications are often targeted by hackers, and can provide the perfect entryway for rampant malicious activity across the network. All it takes is a single unpatched vulnerability exploited by a cyber criminal as a launch pad for attack – this simple scenario takes place more often than many enterprises would like to admit, but can result in a large-scale breach with the potential to take down an organization.
There’s no arguing the criticality and importance of enterprise apps. However, without the proper precautions, employee training and security safeguards, these platforms could be putting your business at serious risk of infection and attack.
How large is the attack surface?
Consider the number of applications the typical company has in place today – some for communications, some for resource tracking, some for production and others with more granular and specific capabilities. What’s more, managers have to consider the shadow IT that could be (and usually is) taking place within the enterprise – if an employee isn’t familiar with an app or doesn’t like its functions, he may download something else, without the approval or oversight of the IT team.
In today’s environment, businesses often have more apps within their networks than they realize. The most recent statistics available show that the average medium- to large-size organization has anywhere between 300 and 400 cloud apps in place, most of which (90 percent) weren’t deployed officially by the IT team, according to ZDNet.
A separate study discovered even more applications – Netskope found that the typical enterprise has more than 500 applications in place, Forbes reported. Worse still, many of these apps supported capabilities that put data at considerable risk – 85 percent of data came from file sharing apps and 81 percent of data being downloaded within the company took place in an app that didn’t include encryption for data at rest.
The bottom line of both studies is that IT administrators lack visibility into the apps being used within the organization. Even with best practices in place, IT workers can’t patch vulnerabilities in applications that they don’t know exist within the network. As a result, the attack surface associated with enterprise apps is considerable – the threat exists for almost every business across all industries.
Continuing security flaws
In 2017, companies like Microsoft and Adobe issued countless patches for their platforms – Patch Tuesday is now common practice, and Microsoft users now look out for these monthly updates. Trend Micro analysts predict that the frequent security flaws in need of patching within widely used applications aren’t going to slow this year, and IT stakeholders will need to stay on top of installing security patches.
“Users and enterprises are advised to routinely check for software updates and apply patches once they are available,” Trend Micro stated in the report, Security Predictions for 2018: Paradigm Shifts.
New trend in attack: Manipulating production environments
Hackers aren’t just seeking out specific vulnerabilities in typical enterprise apps – Trend Micro predicted in its new report that cyber criminals will increasingly seek out digitally twinned production platforms, which businesses commonly use to pinpoint and resolve performance issues in their actual platforms.
“[W]e believe that while it’s poised to transform operations, the product network can be infiltrated by malicious actors aiming to manipulate the system and cause operational disruptions and damages,” the report stated. “By manipulating the digital twin itself, these actors can make production processes look legitimate when they have, in fact, been modified.”
This sneaky process enables hackers to fly under the radar, and such manipulations can even be later used for attacking real-world production processes.
“If a manipulated piece of data or wrong command is sent to an ERP system, machines will be liable to sabotage processes by carrying out erroneous decisions, such as delivery of inaccurate numbers of supplies, unintended money transfers, and even systems overloads,” the report pointed out.
Weak credentials open doors, provide APT foothold
In addition to exploiting known threats within unpatched applications, hackers can also leverage weak access credentials to break into an application, and eventually, the rest of the enterprise network.
Poor, easily-guessed passwords have been a thorn in the side of businesses for years now, and this problem persists in many industries – the Cloud Security Alliance identified insufficient identity, credential and access management as one of its top 12 threats.
Worse still, weak passwords are compounded when workers use the same credentials for multiple accounts. Once a hacker breaks into one app using stolen or jailbroken access details, he may be able to apply the same credentials to break into other systems.
A breach of this kind can also enable an advanced persistent threat (APT), wherein hackers remain within the infected network and steal data over a long period of time.
“Once in place, APTs can move laterally through data center networks and blend in with normal network traffic to achieve their objectives,” explained CSO contributing writer Bob Violino.
Reducing the risk: Safeguarding enterprise applications
While essential, enterprise applications can still open up considerable risk for today’s businesses. There are some best practices that organizations can use to reduce the threat and better safeguard these critical assets:
- Work to eliminate shadow IT: It’s imperative that IT stakeholders have visibility into all of the apps present on the network. Company policies should include language that prevents employees from downloading applications without IT approval. In addition, the IT team should create and maintain an application list to ensure that nothing falls through the cracks when it comes to updates and overall security.
- Install updates; complement with vulnerability shielding: When possible, security patches should be put in place as soon as they are made available. This can be a challenge, however. “[A]s administrators can stumble over immediate deployment of updates, we recommend integrating vulnerability shielding into systems so that platforms are protected against unpatched and zero-day vulnerabilities,” Trend Micro advised.
- Train users appropriately: Employees should receive training on app security that covers their individual responsibilities, as well as the ways in which they contribute to the overall security posture. Training should include establishment of robust, unique access credentials. In addition, when a new application is deployed, employees should be educated about its features and usability to help prevent shadow IT.
- Consider whitelisting: This common and beneficial approach can help ensure that only approved applications are able to operate within the network, reducing the attack surface and chance for malicious activity.
- Don’t forget about mobile: It’s not just on-prem applications that present an issue – employees are also accessing company applications from their mobile devices. It’s imperative to put a layer of security on these endpoints to help prevent attack and misuse.
- Investigate app wrapping for on-prem: TechBeacon noted that an advantageous technique involves wrapping apps, effectively segmenting them into an individual, managed environment. This helps eliminate lateral movement by threat actors, protecting the rest of the network if one app is attacked and infiltrated. App wrapping is best used only for specific apps and in particular situations, but it’s worth considering for platforms with highly sensitive data.
- Leverage a best-in-class security solution: Layered security is imperative. In this way, organizations should have app-focused security solutions that enable protection of their most critical applications.
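
The first two practices above, maintaining an application list and patching promptly, come down to reconciling what is actually installed against what IT has approved. The sketch below is an added example, not code from the original article or from Trend Micro; the app names, hosts, versions and the inventory format are all constructed for illustration.

```python
# Added example: reconcile discovered software against IT's application list.
# All app names, hosts and versions below are constructed sample data.

APPROVED = {  # IT-maintained application list: app -> minimum patched version
    "crm-suite": "4.2.1",
    "erp-core": "11.0.3",
    "screenshare": "2.8.0",
}

DISCOVERED = [  # constructed endpoint inventory: (host, app, installed version)
    ("ws-014", "crm-suite", "4.2.1"),
    ("ws-014", "filedrop-free", "1.0.9"),
    ("ws-022", "erp-core", "11.0.1"),
    ("ws-031", "screenshare", "2.10.0"),
    ("ws-031", "filedrop-free", "1.0.9"),
    ("ws-040", "CRM-Suite ", "4.1.9"),
]


def parse_version(text):
    """Turn '11.0.3' into (11, 0, 3) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.strip().split("."))


def reconcile(approved, discovered):
    """Return (shadow_it, needs_patch).

    shadow_it: app -> sorted hosts running an app missing from the approved list.
    needs_patch: sorted (host, app, installed, required) below the minimum version.
    """
    shadow_it, needs_patch = {}, []
    for host, app, version in discovered:
        name = app.strip().lower()  # normalise so 'CRM-Suite ' matches 'crm-suite'
        if name not in approved:
            shadow_it.setdefault(name, set()).add(host)
        elif parse_version(version) < parse_version(approved[name]):
            needs_patch.append((host, name, version, approved[name]))
    return {a: sorted(h) for a, h in shadow_it.items()}, sorted(needs_patch)


if __name__ == "__main__":
    shadow, stale = reconcile(APPROVED, DISCOVERED)
    for app, hosts in shadow.items():
        print(f"UNAPPROVED {app}: {', '.join(hosts)}")
    for host, app, have, need in stale:
        print(f"PATCH {host}: {app} {have} < {need}")
```

The numeric version comparison matters: a plain string comparison would rank 2.10.0 below 2.8.0 and wrongly flag an up-to-date install as unpatched.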
To find out more and better safeguard your company’s applications, check out Trend Micro’s Intrusion Prevention technology and connect with the experts at Trend Micro today.