In the cat-and-mouse game of cybersecurity, many traps lie ahead for organizations.
Adversaries ranging from criminals to state actors are increasingly relying on the exploitation of vulnerabilities in unpatched systems and devices to infiltrate company and government networks. There were twice as many confirmed breaches in 2023 as the year before, according to Verizon Business’ Data Breach Investigations Report (DBIR). The exploitation of vulnerabilities accounted for 14 percent of these incidents, an almost three-fold increase from the previous year.
3 Measures to Protect Your Company From Cyber Threats
- Continuously monitor threats.
- Secure your endpoints with autonomous updates.
- Have the ability to roll back patches.
It’s clear that adversaries are leveraging advanced techniques and exploiting vulnerabilities at a pace never before seen, posing significant challenges to organizations’ security and IT teams. But companies aren’t powerless when it comes to these threats. In fact, most of these vulnerabilities are well known, some even for decades, but a lack of action on patching leaves systems open to attack, with significant consequences. Here are some examples of exploited vulnerabilities that, for many organizations, remain a looming threat:
- ConnectWise ScreenConnect: This vulnerability, which allows malicious actors to get control of administrative privileges, has been confirmed to be the source of ransomware, information stealers and other attacks. Federal authorities have said that the ransomware group Black Basta has been using the exploit for several months. The group has recently been targeting healthcare and other critical infrastructure providers. ConnectWise has issued a patch for the vulnerability and encourages users to update immediately.
- MOVEit: The mass exploitation of a vulnerability in file-transfer software MOVEit resulted in hackers accessing the systems of scores of companies including Shell, Ernst & Young and Deutsche Bank as well as hundreds of educational institutions. Even after Progress Software issued a patch for the vulnerability, it continues to be exploited.
- Log4J: This exploit in the Apache Log4J Java-based logging library, dubbed “Log4Shell,” may have been released in December 2021, yet it remains one of the most attempted exploits today, including by North Korean hackers Lazarus. Many companies were initially affected by the exploit, including AWS, Cisco and Adobe, and patches were subsequently issued. Although no companies have publicly admitted to being victimized by the exploit, Log4J shows why it’s vital to keep software up to date and patch old vulnerabilities.
It’s fairly simple to see what went wrong, or potentially could go wrong, in each of these cases: organizations that fail to patch known vulnerabilities in their systems leave themselves open to attack by malicious actors. Here’s what you can do to protect your organization from these threats.
3 Steps to Protect Against the Latest Cybersecurity Threats
1. Continuously Monitor Threats
Security departments should be on top of the latest malware and vulnerabilities in the organization’s software. But being aware of threats is not enough to stay safe. This information needs to be shared with IT departments, who should work hand in hand with security to mitigate threats.
One of the most impactful ways to embrace a proactive approach to endpoint security is through real-time identification of vulnerabilities and their severity levels by amassing data from various sources. These include The MITRE Corporation’s CVE database and CVSS scores. Many vulnerability management solutions, such as CrowdStrike, also feature this kind of data. Combine this with information on the latest patches available to remediate those vulnerabilities, and you have a winning combination to take proactive action.
If your business is evaluating vulnerability management vendors, be sure to ask them:
- Do you assess criticality factors for vulnerabilities? What data do you capture to make those assessments?
- How current and large is your patch library?
2. Secure Your Endpoints With Autonomous Updates
There are too many vulnerabilities out there for humans to keep up with. Your organization needs autonomous solutions that not only monitor threats, but automatically roll out patches to cut off attack vectors. The best practice is to schedule and prioritize automated patch deployments using real-time vulnerability data to ensure all critical vulnerabilities are patched immediately.
The second best practice for embracing autonomous and proactive patching is to define precision patching rules for vulnerabilities based on your unique business rules, and to develop patching strategies before you automate. These rules should be incredibly granular and factor in the time of day as well as your employees’ needs.
Humans should set the strategy and processes for vulnerability remediation and let software do the rest.
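As an added illustration (not code from this article or from any vendor product), the sketch below shows how such precision patching rules can be written down as data and applied automatically: each finding is matched against an ordered rule list and given either an immediate deployment or the next allowed maintenance window. The rule names, CVSS thresholds, window times, the `exploited` flag and the placeholder CVE IDs are all assumptions chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import Optional, Tuple

@dataclass
class Finding:
    host: str
    cve: str         # constructed placeholder IDs, not real CVEs
    cvss: float      # CVSS base score, 0.0-10.0
    exploited: bool  # assumption: the vulnerability feed flags active exploitation

@dataclass
class Rule:
    name: str
    min_cvss: float
    exploited_only: bool
    window: Optional[Tuple[time, time]]  # host-local (start, end); None = patch now

# Humans define the strategy: evaluated top-down, first match wins.
RULES = [
    Rule("emergency", 9.0, False, None),
    Rule("exploited", 0.0, True, None),
    Rule("high", 7.0, False, (time(22, 0), time(5, 0))),   # overnight, wraps midnight
    Rule("routine", 0.0, False, (time(1, 0), time(4, 0))),
]

def next_window_start(now: datetime, window: Tuple[time, time]) -> datetime:
    """Return now if inside the window, otherwise the next window opening."""
    start, end = window
    t = now.time()
    inside = (start <= t < end) if start < end else (t >= start or t < end)
    if inside:
        return now
    candidate = datetime.combine(now.date(), start)
    return candidate if candidate > now else candidate + timedelta(days=1)

def schedule(f: Finding, now: datetime) -> Tuple[str, datetime]:
    """Software does the rest: pick the matching rule and deployment time."""
    for rule in RULES:
        if f.cvss >= rule.min_cvss and (f.exploited or not rule.exploited_only):
            when = now if rule.window is None else next_window_start(now, rule.window)
            return rule.name, when
    raise ValueError(f"no rule matches {f.cve}")

def plan(findings, now: datetime):
    """Deployment queue: earliest slot first, highest CVSS first within a slot."""
    rows = [(schedule(f, now), f) for f in findings]
    rows.sort(key=lambda r: (r[0][1], -r[1].cvss))
    return [(f.host, f.cve, name, when) for (name, when), f in rows]
```

Because the rules are plain data, security and IT can review and change thresholds or windows without touching the scheduling logic.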
Many vulnerability management platforms feature real-time reporting and dashboards that show your progress along every step of the process. Your IT department should consistently review dashboards and reports for instant analysis into patching metrics, risk, compliance and more.
Make sure to ask any vendors your business is considering:
- What reporting do you deliver? Is it in real time?
- Is it easy to take action on information in dashboards?
3. Have the Ability to Roll Back Patches
Sometimes, patches can cause breakdowns of systems, as one expert posited about the recent AT&T outage. Customers of the company’s wireless plan experienced a 12-hour outage, and one theory as to why is that the company may have experienced issues after updating its network. Patching fast is vital, but so is having the peace of mind that you can revert to previous versions.
- Ask vendors: Can I roll back patches? How much control do I have over the process?
The threat of vulnerability exploitation looms large. To mitigate these dangers, organizations need to prioritize continuous threat monitoring and implement autonomous patching solutions. The ability to quickly deploy and roll back patches is essential. By staying vigilant and proactive, organizations can better protect their systems and data from cyberattacks.