Saturday, July 26, 2025

The role of the cybersecurity PM in incident-driven development


Article written by cybersecurity expert Yuriy Tsibere.

Gone are the days when cybersecurity meant stopping annoying viruses like the Love Bug. Today, it's about battling a massive, financially motivated cybercrime industry. Attacks are smarter, faster, and more damaging, and that changes everything for product teams.

For product managers (PMs), this means understanding that attackers are constantly exploiting the same weak spots: stolen admin credentials, missing multi-factor authentication (MFA) on VPNs, remote encryption, and clever "living off the land" (LOTL) tricks like using Office to launch PowerShell.

Even something as simple as an unpatched firewall or a rogue USB drive can open the door to a breach.

New vulnerabilities and zero-days are popping up all the time, and product teams have to stay on their toes. A few examples:

  • WannaCry (2017): Used the EternalBlue flaw in SMBv1 to spread ransomware fast. It forced companies to disable SMBv1 altogether.
  • Some Exchange Server bugs: Let attackers run malicious scripts, often leading to ransomware.
  • Log4j vulnerability: A vulnerability in a popular Java logging framework that allows arbitrary code execution. Still showing up in outdated firewalls and VPNs.
  • Follina (MSDT): Let Office apps launch PowerShell without any user interaction.

Timely patching helps, but it's not enough. There's always a gap between discovering a flaw and fixing it. That's why teams need layered defenses and a mindset that's ready to respond to incidents as they happen.

How breach reports drive real-time product shifts

The 100 Days to Secure Your Environment webinar series from ThreatLocker is a good example of incident-driven development. It helps security leaders focus on what matters most in their first few months.

Real-world breaches often lead directly to new product features or policy changes. Here's how:

  • Unlocked machines: A threat actor once accessed a hospital computer that was left open and ran PowerShell. Now, password-protected screen savers are a must.
  • USB data theft: USB drives are still a go-to for stealing data. Products now offer fine-grained USB controls: blocking unencrypted drives, restricting file types, or capping how many files can be copied.
  • Lateral movement: Ransomware often spreads using old admin accounts. Tools now detect and remove these after review.
  • LOTL attacks: Follina showed how legitimate tools can be misused. Ringfencing™ helps stop apps from launching things they shouldn't.
  • Outbound traffic abuse: Attacks like SolarWinds used outbound connections. Now, default-deny policies for server traffic are becoming standard.
  • Stolen credentials: MFA is non-negotiable for cloud accounts, remote access, and domain controllers.
  • Vulnerable VPNs: Unpatched VPNs are a big risk. Solutions now include IP-based access controls and even disabling unused VPNs.

The PM's response: From advisory to actionable feature

For cybersecurity PMs, reacting to threats means more than just writing advisories. It's about building smarter, safer products. Here's how:

  1. Get full visibility

    Start by understanding what's running in your environment. Use monitoring agents to track file activity, privilege changes, app launches, and network traffic.
  2. Prioritize risks

    With a complete picture, PMs can focus on high-risk tools and behaviors:

    • Remote access tools like TeamViewer or AnyDesk
    • Software with too many permissions (e.g., 7-Zip, Nmap)
    • Risky browser extensions
    • Software from high-risk regions
  3. Drive adaptive policy creation

    Security policies should evolve with the threat landscape:

    • Test first: Use monitor-only mode and test groups before enforcing new rules.
    • Be precise: Go beyond on/off switches; use dynamic ACLs, Ringfencing, and app-specific admin rights.
    • Encourage adoption by minimizing disruption:
      • Offer a store of pre-approved apps
      • Make it easy to request new software
      • Explain why restrictions exist; it builds trust
    • Continuous improvement and monitoring:
      • Use health reports to spot misconfigurations
      • Block USB file copies if thresholds are exceeded
      • Clean up old policies and unused apps regularly
  4. Embrace patch management

    Make sure everything, from operating systems to portable applications like PuTTY, is up to date. Use tools to find missing patches and test them with pilot users before rolling out.
  5. Protect backups

    Backups must be protected from compromise. This includes limiting which apps can access them and requiring MFA for backup services. PMs should also test the backups regularly to validate recovery readiness.
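The following is an added example, not code from the article or from ThreatLocker, showing how steps 1 to 3 fit together in working code: a toy endpoint policy evaluator that consumes process, USB and network events, flags the patterns named above (an Office app spawning a script host, unencrypted USB drives, USB copy counts over a threshold, server egress outside an allow list), and runs the same rules first in monitor-only mode and then in enforcement. The rule names, the event schema, the three-file USB threshold, the risk list and all sample events are constructed for the illustration and are not a real product's format or data.

```python
# Added example (not ThreatLocker's or the author's code): a toy endpoint policy
# evaluator that mirrors steps 1-3 above. Rules first run in monitor-only mode
# (verdicts are logged but nothing is blocked), then the same rules are enforced.
# All process, USB and network events below are constructed sample data.
from collections import Counter, defaultdict
from dataclasses import dataclass

# Office apps that should never spawn a script host (the Follina / LOTL pattern).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
# Step 2: tools worth a second look, with the reason they are high-risk (assumed list).
RISKY_APPS = {
    "teamviewer.exe": "remote access tool",
    "anydesk.exe": "remote access tool",
    "nmap.exe": "broad permissions",
    "7z.exe": "broad permissions",
}
USB_COPY_THRESHOLD = 3  # files per device per session; a constructed limit


@dataclass(frozen=True)
class Verdict:
    rule: str    # which policy rule fired ("none" when the event is allowed)
    action: str  # "allow", "monitor" (log only) or "deny" (enforced)
    detail: str


def prioritize(inventory):
    """Return (app, reason) pairs for inventoried apps that are on the risk list."""
    return sorted((app, RISKY_APPS[app.lower()]) for app in inventory if app.lower() in RISKY_APPS)


class PolicyEngine:
    def __init__(self, enforce, allowed_server_egress):
        self.enforce = enforce
        # (destination, port) pairs servers may reach; everything else is denied.
        self.allowed_server_egress = allowed_server_egress
        self.usb_copies = defaultdict(int)  # (host, device) -> files copied so far

    def _hit(self, rule, detail):
        # Same rule, different consequence: monitor-only mode never blocks.
        return Verdict(rule, "deny" if self.enforce else "monitor", detail)

    def evaluate(self, event):
        kind = event["type"]
        if kind == "process":
            parent, child = event["parent"].lower(), event["image"].lower()
            if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
                return self._hit("ringfence-office", f"{parent} -> {child}")
        elif kind == "usb_copy":
            key = (event["host"], event["device"])
            self.usb_copies[key] += 1
            if not event["encrypted"]:
                return self._hit("usb-unencrypted", f"copy to {event['device']}")
            if self.usb_copies[key] > USB_COPY_THRESHOLD:
                return self._hit("usb-threshold", f"{self.usb_copies[key]} files to {event['device']}")
        elif kind == "egress" and event["role"] == "server":
            if (event["dst"], event["port"]) not in self.allowed_server_egress:
                return self._hit("server-default-deny", f"{event['host']} -> {event['dst']}:{event['port']}")
        return Verdict("none", "allow", "")


SAMPLE_EVENTS = [  # constructed telemetry, not real logs
    {"type": "process", "host": "ws01", "parent": "WINWORD.EXE", "image": "powershell.exe"},
    {"type": "process", "host": "ws01", "parent": "explorer.exe", "image": "powershell.exe"},
    {"type": "usb_copy", "host": "ws02", "device": "USB-A", "encrypted": False},
] + [
    {"type": "usb_copy", "host": "ws02", "device": "USB-B", "encrypted": True}
    for _ in range(USB_COPY_THRESHOLD + 1)  # one copy over the threshold
] + [
    {"type": "egress", "host": "srv01", "role": "server", "dst": "10.0.0.5", "port": 443},
    {"type": "egress", "host": "srv01", "role": "server", "dst": "203.0.113.9", "port": 443},
    {"type": "egress", "host": "ws01", "role": "workstation", "dst": "203.0.113.9", "port": 443},
]


def run_policy(events, enforce):
    """Evaluate every event in order; return the verdicts that are not plain allows."""
    engine = PolicyEngine(enforce, allowed_server_egress={("10.0.0.5", 443)})
    return [v for v in (engine.evaluate(e) for e in events) if v.action != "allow"]


def health_report(verdicts):
    """Count hits per rule, the kind of summary a health report would surface."""
    return Counter(v.rule for v in verdicts)


if __name__ == "__main__":
    for mode in (False, True):
        hits = run_policy(SAMPLE_EVENTS, enforce=mode)
        print("enforce" if mode else "monitor", dict(health_report(hits)))
        for v in hits:
            print(f"  [{v.action}] {v.rule}: {v.detail}")
    print("review list:", prioritize(["TeamViewer.exe", "notepad.exe", "nmap.exe"]))
```

Running the sample in monitor mode produces the same four rule hits as enforcement mode, only with the action `monitor` instead of `deny`; comparing the two health reports before flipping `enforce` is exactly the "test first" check from step 3. Note that the `explorer.exe -> powershell.exe` event is allowed: the rule targets the Office-to-script-host chain, not PowerShell in general, which is the precision step 3 asks for.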

Cybersecurity PMs are on the front lines of applying real-world protections against real-world threats.

By staying informed, gathering the right data, and building with users in mind, you can reduce risk without making life harder for your team.

Sponsored and written by ThreatLocker.
