Shifting the cybersecurity odds
Partner Content
Security can feel like fighting a losing battle, but it doesn’t have to be.
As critical gaps are left exposed, breaches are on the rise. This is the case despite ongoing investment in defensive technologies such as firewalls, EDRs, SIEMs and XDRs. According to Gartner, global spending on security and risk management is estimated to have reached $215 billion in 2024, a 14 percent increase from 2023. With so much at stake, organizations have a strong incentive to adopt a rigorous and effective security system that puts them in a structurally better posture to weather a breach.
As the VP of Global Sales Engineering at Pentera, I’ve encountered a wide range of IT environments – some impressive, others problematic, and a few that are downright concerning. Security teams face immense pressure to manage risk, constantly battling evolving threats. Patterns emerge, revealing the most vulnerable areas of a network and the simple security fixes that often go unnoticed.
I’ve listed some of the most ubiquitous ones here, with a range of recommendations that, if implemented correctly, can go a long way toward building your organizational resilience.
The accuracy of asset management
Asset management is one of the most persistent challenges in cybersecurity, with many security leaders I’ve spoken to admitting they don’t fully trust the accuracy of their asset inventories. The problem lies in the complexity of modern IT environments, where assets are dynamic, spanning on-premises, cloud, and hybrid infrastructures. Shadow IT, misconfigurations, and constant changes further complicate visibility. Without a clear and reliable understanding of their assets, organizations are left exposed, unable to defend what they don’t know exists. It’s no wonder that many security teams would gladly start from scratch if given the chance, knowing that accurate asset management is foundational to any effective defense strategy.
The quick wins:
– Quickly catch changes like security degradation, accidentally opened ports, or newly spun-up servers and web apps. You can detect these by running emulated attacks that confirm whether these exposures, and many others, are actually present.
– Reduce unnecessary exceptions to security policies. You likely have good policies in place; enforce them.
– Close open ports that are unused. Gateways or open ports on clients are often unnecessary.
– Check that sniffing and relaying don’t work, and repeat this check regularly.
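The first quick win above, catching newly spun-up hosts and accidentally opened ports, is in practice a diff between what the inventory said yesterday and what a scan shows today. The following is an added example and not Pentera’s code: the two exports are constructed (hypothetical RFC 1918 hosts in a simplified `host port/proto state` line format that stands in for a scanner or CMDB export), and the high-risk port list is an assumption chosen for illustration. It reports new and vanished hosts, opened and closed ports, and raises an alert when a high-risk service becomes reachable where it was not before.

```python
"""Detect asset and port drift between two inventory snapshots.

Added example, not Pentera's code. The scan exports below are constructed
(hypothetical RFC 1918 hosts and a simplified 'host port/proto state' line
format), standing in for two exports from a scanner or CMDB taken a day apart.
"""
from dataclasses import dataclass, field

# Constructed baseline export: the approved, known state of the segment.
BASELINE_EXPORT = """\
10.0.1.10 22/tcp open
10.0.1.10 443/tcp open
10.0.1.20 443/tcp open
10.0.1.20 8443/tcp open
10.0.1.30 3389/tcp open
"""

# Constructed current export: a host appeared, a port was opened on a known
# host, a port was closed, and a host vanished.
CURRENT_EXPORT = """\
10.0.1.10 22/tcp open
10.0.1.10 443/tcp open
10.0.1.10 8080/tcp open
10.0.1.20 443/tcp open
10.0.1.20 8443/tcp filtered
10.0.1.40 80/tcp open
10.0.1.40 445/tcp open
"""

# Assumed list of services whose unexpected appearance deserves an immediate alert.
HIGH_RISK_PORTS = {21, 23, 135, 139, 445, 1433, 3389, 5985}


def parse_export(text):
    """Parse 'host port/proto state' lines into host -> set of open ports."""
    inventory = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        host, portproto, state = line.split()
        if state != "open":
            continue
        port = int(portproto.split("/")[0])
        inventory.setdefault(host, set()).add(port)
    return inventory


@dataclass
class Drift:
    new_hosts: dict = field(default_factory=dict)      # host -> open ports
    removed_hosts: dict = field(default_factory=dict)  # host -> ports it had
    opened_ports: dict = field(default_factory=dict)   # host -> newly open ports
    closed_ports: dict = field(default_factory=dict)   # host -> ports no longer open

    def is_empty(self):
        return not (self.new_hosts or self.removed_hosts
                    or self.opened_ports or self.closed_ports)


def diff_inventory(baseline, current):
    """Compare two host -> ports maps and record every change."""
    drift = Drift()
    for host, ports in current.items():
        if host not in baseline:
            drift.new_hosts[host] = set(ports)
            continue
        opened = ports - baseline[host]
        closed = baseline[host] - ports
        if opened:
            drift.opened_ports[host] = opened
        if closed:
            drift.closed_ports[host] = closed
    for host, ports in baseline.items():
        if host not in current:
            drift.removed_hosts[host] = set(ports)
    return drift


def high_risk_findings(drift):
    """(host, port) pairs where a high-risk service newly became reachable."""
    exposures = list(drift.new_hosts.items()) + list(drift.opened_ports.items())
    return sorted((host, port) for host, ports in exposures
                  for port in ports & HIGH_RISK_PORTS)


def format_report(drift):
    """One line per change, with alerts for high-risk exposures at the end."""
    lines = []
    for host, ports in sorted(drift.new_hosts.items()):
        lines.append(f"NEW HOST     {host} open={sorted(ports)}")
    for host, ports in sorted(drift.removed_hosts.items()):
        lines.append(f"GONE HOST    {host} had={sorted(ports)}")
    for host, ports in sorted(drift.opened_ports.items()):
        lines.append(f"OPENED       {host} ports={sorted(ports)}")
    for host, ports in sorted(drift.closed_ports.items()):
        lines.append(f"CLOSED       {host} ports={sorted(ports)}")
    for host, port in high_risk_findings(drift):
        lines.append(f"ALERT        high-risk service now reachable at {host}:{port}")
    return lines


if __name__ == "__main__":
    drift = diff_inventory(parse_export(BASELINE_EXPORT), parse_export(CURRENT_EXPORT))
    print("\n".join(format_report(drift)) or "no drift")
```

A host that closes all of its ports disappears from the parsed inventory and is reported as gone rather than as a set of closures; that is deliberate, since a vanished host is itself a change worth confirming. Run against real exports, the same diff also surfaces shadow IT: anything in the current snapshot with no owner in the baseline.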
The plugging of leaked credentials
Leaked credentials have become a low-cost, high-reward opportunity for attackers to gain an initial foothold in organizations. With a staggering volume of email addresses, password hashes, and even cleartext passwords circulating on the dark web and public paste sites, attackers can obtain this information with minimal effort or expense. Credential-based attacks, such as credential stuffing or credential reuse, allow adversaries to bypass traditional perimeter defenses and masquerade as legitimate users, making them both effective and difficult to detect, especially when compounded with issues like missing MFA. The abundance of leaked credentials underscores the urgent need for organizations to prioritize and test their defenses against these common attack vectors.
The quick wins:
– Use two-factor authentication wherever possible and validate that it is actually active, above all on the perimeter.
– Educate your users never to reuse passwords.
– Regularly test whether leaked passwords can be used to access your systems.
– Catch and mitigate leaked passwords in Active Directory.
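Catching leaked passwords at password-change time, or during an audit of existing accounts, does not require shipping passwords or full hashes to anyone. The following is an added example and not Pentera’s code: the leaked-password corpus is constructed, and the query shape copies the Have I Been Pwned Pwned Passwords range API (the client sends only the first five hex characters of the uppercase SHA-1 and the server answers with `SUFFIX:COUNT` lines), but both sides run locally here so nothing leaves the machine. The same corpus is also published in NTLM form, which is what an Active Directory password audit compares against; the lookup logic is identical, only the hash function changes.

```python
"""Screen passwords against a leaked-password corpus without exposing them.

Added example, not Pentera's code. LEAKED_CORPUS is a constructed stand-in
for a breach corpus. The query shape copies the Have I Been Pwned
Pwned Passwords range API (the client sends only the first 5 hex characters of
the uppercase SHA-1; the server answers with 'SUFFIX:COUNT' lines), but both
sides run locally here, so nothing leaves the machine.
"""
import hashlib
from collections import Counter, defaultdict

# Constructed corpus: leaked password -> number of times it was seen.
LEAKED_CORPUS = Counter({
    "Password123": 4213,
    "Winter2024!": 87,
    "letmein": 150000,
    "Summer2023": 302,
})

MIN_LENGTH = 8  # assumed floor used by the screening policy below


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus):
    """Server side: bucket hash suffixes under their 5-char prefix."""
    index = defaultdict(list)
    for password, count in corpus.items():
        digest = sha1_hex(password)
        index[digest[:5]].append(f"{digest[5:]}:{count}")
    return index


def make_range_query(index):
    """Server side: a lookup function that returns all suffixes for a prefix."""
    def query(prefix):
        if len(prefix) != 5:
            raise ValueError("range query takes exactly 5 hex characters")
        return list(index.get(prefix, []))
    return query


def breach_count(password, query):
    """Client side: how often the password appears in the corpus (0 if never).

    Only the prefix is sent; the full hash and the password stay local, so the
    server (or anyone watching the request) cannot tell which password was checked.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in query(prefix):
        candidate, count = line.split(":")
        if candidate == suffix:
            return int(count)
    return 0


def screen_password(password, query, min_length=MIN_LENGTH):
    """Policy decision for a password change or an audit of existing accounts."""
    seen = breach_count(password, query)
    if seen:
        return False, f"rejected: appears in breach corpus {seen} times"
    if len(password) < min_length:
        return False, f"rejected: shorter than {min_length} characters"
    return True, "accepted"


if __name__ == "__main__":
    query = make_range_query(build_range_index(LEAKED_CORPUS))
    for candidate in ("Password123", "short", "correct horse battery staple"):
        print(candidate, "->", screen_password(candidate, query))
```

The breach check runs before the length check on purpose: a leaked password is a worse finding than a short one, and the reason string is what an auditor wants to see first.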
Vulnerabilities: Prioritized
Vulnerability prioritization is a daunting challenge for cybersecurity teams, often leading to fatigue and frustration. With thousands of new vulnerabilities disclosed each year, the sheer volume is overwhelming, and teams are left scrambling to patch as quickly as possible. Despite their best efforts, it can feel like running on a never-ending hamster wheel – no matter how fast they move, they can’t keep up. This constant churn not only drains resources but also risks critical vulnerabilities slipping through the cracks. It underscores the need for smarter, evidence-based prioritization that focuses on true exploitability and business impact.
A few big wins:
– Prioritize vulnerabilities based on risk assessment and critical assets, preferably on your own production networks. In the case of an attack, that’s the environment that matters most!
– Remediate exploitable vulnerabilities that create a high risk in your network.
– Validate that alerts are created in time for the events you do want to know about, and that alerts for unnecessary events are reduced.
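To make the point about evidence-based prioritization concrete, here is an added example (not Pentera’s code) that ranks a handful of constructed findings. The scoring weights are an illustrative model chosen for this example, not an industry standard, and the hosts and `PLACEHOLDER-` identifiers are made up. It shows why the recommendation above works: a CVSS 9.8 on an isolated lab box lands at the bottom of the queue, while a CVSS 6.5 on an internet-facing gateway that is being exploited in the wild goes to the top.

```python
"""Rank vulnerability findings by exploitability evidence and business impact.

Added example, not Pentera's code. The scoring weights are an illustrative
model chosen for this example, not an industry standard, and the findings,
hosts and PLACEHOLDER identifiers are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    finding_id: str
    host: str
    cvss: float                 # vendor/NVD base score, 0.0 - 10.0
    known_exploited: bool       # listed in an exploited-in-the-wild catalog
    public_exploit: bool        # working exploit code is publicly available
    internet_facing: bool       # reachable from outside the perimeter
    asset_criticality: int      # 1 (lab/test) .. 5 (crown jewel)
    compensating_control: bool  # e.g. already segmented off or virtual-patched


def priority_score(f):
    """Higher means fix sooner. CVSS is only the starting point."""
    score = f.cvss
    # Evidence of real-world exploitability outweighs theoretical severity.
    if f.known_exploited:
        score += 4.0
    elif f.public_exploit:
        score += 2.0
    # Scale by what the asset is worth: criticality 3 is neutral.
    score = score * f.asset_criticality / 3
    # Exposure changes who can reach the weakness.
    if f.internet_facing:
        score *= 1.5
    # An existing mitigation buys time; it does not close the finding.
    if f.compensating_control:
        score *= 0.5
    return round(score, 2)


def priority_bucket(score):
    """Map a score to a remediation tier (assumed thresholds)."""
    if score >= 12:
        return "P1"   # fix now, out of cycle
    if score >= 8:
        return "P2"   # next patch window
    if score >= 4:
        return "P3"   # scheduled
    return "P4"       # accept or defer with a review date


def rank_findings(findings):
    """Most urgent first."""
    return sorted(findings, key=priority_score, reverse=True)


# Constructed findings. Note the CVSS 9.8 on the lab box versus the 6.5 on
# the exposed VPN gateway that is actively being exploited in the wild.
FINDINGS = [
    Finding("PLACEHOLDER-0001", "dmz-web-01", 7.5, True, True, True, 5, False),
    Finding("PLACEHOLDER-0002", "lab-box-07", 9.8, False, False, False, 1, False),
    Finding("PLACEHOLDER-0003", "fileserver-02", 8.1, False, True, False, 4, True),
    Finding("PLACEHOLDER-0004", "vpn-gw-01", 6.5, True, False, True, 4, False),
]

if __name__ == "__main__":
    for f in rank_findings(FINDINGS):
        s = priority_score(f)
        print(f"{priority_bucket(s):>2} {s:6.2f} cvss={f.cvss:<4} {f.host:<14} {f.finding_id}")
```

The inputs that move a finding most are the ones a scanner alone cannot supply: whether the asset is exposed, what it is worth, and whether the flaw is actually being exploited. Feeding those from your own production inventory rather than from a generic severity feed is what the first recommendation above asks for.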
Making the right purchasing decisions
Building a resilient cybersecurity system requires making informed purchasing decisions that go beyond box-checking during RFP evaluations. While testing and RFP results are valuable, many decisions still rely on subjective preferences or assumptions that the solution will “just work.” A better approach is to test products in the field, measuring their real-world performance in the context of the organization’s unique network. For example, will the chosen EDR effectively protect legacy operating systems that, while slated for decommissioning, remain active today? Such considerations ensure investments are aligned with actual needs, minimizing gaps and maximizing the system’s overall resilience.
The important wins:
– Use to safely test new tools in production.
– Put older equipment into its own micro-segment that allows access only to the specific services it needs. This provides a path to an improved security posture and makes it easier to justify investments.
– Check that your security stack is configured optimally and that integrations are leveraged. Reduce the number of islands in your network, and build bridges.
In cybersecurity, the odds are inherently stacked against defenders. An attacker only needs to succeed once to cause widespread damage, jeopardize reputations, and put jobs on the line. Meanwhile, the pressure for defenders is relentless, and their efforts are often invisible and uncelebrated in the absence of incidents. Yet by taking actionable steps to harden your defenses, you can make it significantly harder for attackers to infiltrate, remain undetected, and pivot within your network.
The truth is, you likely already know much of what needs to be done – focus on making it feasible to implement. With the right strategy and execution, you can shift the odds in your favor and ensure your defenses are as resilient as the challenges you face.
Contributed by Pentera.