Most cyber incidents involve vulnerabilities that information security teams are well aware of. Uninformed users, outdated systems, predictable passwords etc. are the Achilles’ heel of corporate security.
But why does this happen?
Often, companies take a reactive posture, that is, they are mainly prepared to respond to external factors, such as high-profile threats. For example, when a ransomware campaign goes global in scope, the malware itself becomes the number-one priority of the security team, so all efforts go into shielding the systems and assets that could be compromised.
A preventive posture, by contrast, seeks a comprehensive view of the entire environment, its assets and its users; defines the types of risk and their priority levels; and, of course, monitors internal vulnerabilities as well as external threats.
Which vulnerabilities affect your business?
That is an important question. Do you really know the technological environment of your company in order to determine which points may be insecure?
Thoroughly studying your own environment is crucial to identify and fix vulnerabilities before they are exploited by attackers. Some of these gaps are quite frequent, regardless of the type of company.
To make it easier, we’ve put together 4 examples of vulnerabilities that most companies find in their environment and that can be quickly fixed:
- Identify all assets connected to the network
Constantly monitor the state of your environment so as to identify if and when new assets are added. When an unauthorized resource is plugged into your network, it can become a channel for malicious activity.
For example, a user adds a personal computer to the network. Since this device is not protected, your network may receive malicious traffic that compromises other devices, and, worse, IT staff will be unable to trace the origin if an incident occurs.
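One way to turn this into a routine check is to compare each new observation of the network (a switch MAC table, DHCP leases or a scanner's host list) against the authorized asset inventory and report anything unknown, missing or changed. The script below is an added example and not BLOCKBIT code; the inventory and the observed entries are constructed sample data, and the `Asset` type, `AUTHORIZED`, `OBSERVED` and `classify` are names chosen for this example.

```python
"""Compare an observed list of network devices against the authorized
asset inventory and separate unknown, missing and changed devices.

Added example, not BLOCKBIT code. All entries below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    mac: str
    ip: str
    hostname: str


def normalize_mac(mac):
    """Normalize vendor formats (AA-BB-.. or AA:BB:..) to lowercase colon form."""
    return mac.strip().lower().replace("-", ":")


# Constructed: authorized inventory keyed by normalized MAC address.
AUTHORIZED = {
    "aa:bb:cc:00:00:01": Asset("aa:bb:cc:00:00:01", "10.0.1.10", "fileserver01"),
    "aa:bb:cc:00:00:02": Asset("aa:bb:cc:00:00:02", "10.0.1.11", "printer-hr"),
    "aa:bb:cc:00:00:03": Asset("aa:bb:cc:00:00:03", "10.0.1.20", "ws-alice"),
}

# Constructed: what the latest observation of the segment returned.
# - fileserver01 unchanged
# - printer-hr now answers on a different IP (changed)
# - ws-alice not seen (missing)
# - an unlisted laptop appeared (unknown)
OBSERVED = [
    Asset("AA-BB-CC-00-00-01", "10.0.1.10", "fileserver01"),
    Asset("aa:bb:cc:00:00:02", "10.0.1.12", "printer-hr"),
    Asset("de:ad:be:ef:12:34", "10.0.1.77", "bobs-laptop"),
]


def classify(authorized, observed):
    """Return (unknown, missing, changed).

    unknown: observed devices whose MAC is not in the inventory
    missing: inventory devices not seen in this observation
    changed: inventory devices seen with a different IP or hostname
    """
    seen = {normalize_mac(a.mac): a for a in observed}
    unknown = [a for mac, a in seen.items() if mac not in authorized]
    missing = [a for mac, a in authorized.items() if mac not in seen]
    changed = []
    for mac, current in seen.items():
        if mac not in authorized:
            continue
        expected = authorized[mac]
        if current.ip != expected.ip or current.hostname != expected.hostname:
            changed.append((expected, current))
    return unknown, missing, changed


def report(authorized, observed):
    """Human-readable summary suitable for a scheduled job's output."""
    unknown, missing, changed = classify(authorized, observed)
    lines = [f"UNKNOWN  {a.mac} {a.ip} {a.hostname}" for a in unknown]
    lines += [f"MISSING  {a.mac} {a.ip} {a.hostname}" for a in missing]
    lines += [f"CHANGED  {e.mac} {e.ip}->{c.ip} {e.hostname}->{c.hostname}"
              for e, c in changed]
    return lines


if __name__ == "__main__":
    for line in report(AUTHORIZED, OBSERVED):
        print(line)
```

Unknown devices are the ones the passage above warns about; the missing and changed buckets are cheap to add and catch a device being replaced or re-addressed, which is just as worth an analyst's attention as a brand-new one.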
- Review security policy and controls’ settings
It is important to assess whether your policy remains relevant. Even if it was carefully designed, new factors may come into play: emerging threats, market regulations, technologies, users etc.
Another aspect, equally important, is to constantly manage the network structure. Poor server configuration, conflicting product rules, non-compliance with internal security policy and industry standards, or inadequate access privileges, for example, can create risky situations.
The same goes for monitoring changes in settings. It is important to follow any changes applied to network settings, establishing whether it is an authorized change and whether it may promote new risks.
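The two questions in the previous paragraph, was the change authorized and does it add risk, can be answered mechanically for configuration files: hash each file against an approved baseline, match any drift to a change ticket, and inspect the new content for settings known to widen exposure. The script below is an added example and not BLOCKBIT code; the file contents, the approved-change list and the ticket number are constructed, and `detect_drift`, `sshd_risks` and `RISKY_SSHD` are names chosen for this example.

```python
"""Detect configuration drift against a baseline, mark each change as
authorized or not, and flag risky settings in the new content.

Added example, not BLOCKBIT code. Files, hashes and tickets are constructed.
"""
import hashlib

# Constructed: configuration files as captured when the baseline was approved.
BASELINE_FILES = {
    "/etc/ssh/sshd_config": "PermitRootLogin no\nPasswordAuthentication no\nPort 22\n",
    "/etc/sysctl.conf": "net.ipv4.ip_forward = 0\n",
    "/etc/ntp.conf": "server ntp.example.internal\n",
}

# Constructed: the same files as read during the latest check.
CURRENT_FILES = {
    "/etc/ssh/sshd_config": "PermitRootLogin yes\nPasswordAuthentication no\nPort 22\n",
    "/etc/sysctl.conf": "net.ipv4.ip_forward = 0\n",
    "/etc/ntp.conf": "server ntp2.example.internal\n",
}

# Constructed: files covered by an approved change ticket.
APPROVED_CHANGES = {"/etc/ntp.conf": "CHG-1042"}

# sshd settings that widen exposure when set to the given value.
RISKY_SSHD = {
    ("permitrootlogin", "yes"): "root login over SSH enabled",
    ("passwordauthentication", "yes"): "password authentication enabled",
}


def sha256_text(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def build_baseline(files):
    """Record one hash per file; this is what gets stored after approval."""
    return {path: sha256_text(content) for path, content in files.items()}


def sshd_risks(content):
    """Return descriptions of risky directives found in an sshd_config body."""
    risks = []
    for raw in content.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key = (parts[0].lower(), parts[1].strip().lower())
        if key in RISKY_SSHD:
            risks.append(RISKY_SSHD[key])
    return risks


def detect_drift(baseline_hashes, current_files, approved):
    """List every file whose hash differs from the baseline or that vanished,
    with whether a ticket covers it and which risky settings it now carries."""
    findings = []
    for path, content in current_files.items():
        if sha256_text(content) == baseline_hashes.get(path):
            continue
        findings.append({
            "path": path,
            "authorized": path in approved,
            "ticket": approved.get(path),
            "risks": sshd_risks(content) if path.endswith("sshd_config") else [],
        })
    for path in baseline_hashes:
        if path not in current_files:
            findings.append({"path": path, "authorized": path in approved,
                             "ticket": approved.get(path), "risks": ["file removed"]})
    return findings


if __name__ == "__main__":
    for f in detect_drift(build_baseline(BASELINE_FILES), CURRENT_FILES, APPROVED_CHANGES):
        status = "authorized" if f["authorized"] else "UNAUTHORIZED"
        print(f'{status:12} {f["path"]} ticket={f["ticket"]} risks={f["risks"]}')
```

An unauthorized change with no risky setting still deserves a look, but an unauthorized change that enables root login over SSH is the case the monitoring exists for, so the two signals are reported together rather than as separate alerts.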
- Manage system upgrades
In terms of security, outdated systems represent vulnerabilities:
- that are frequent, because every system receives patches. Therefore, companies always have some software that needs updating; and
- that are frequently ignored, because system updates usually encounter several obstacles, such as required downtime, long update schedules, patches that do not support legacy systems, absence of patch management etc.
Identifying software that needs to be upgraded and applying patches can prevent major losses, as multiple threats look for such gaps to compromise enterprise assets.
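Identifying which installed software sits below the version that carries a fix is a version-comparison problem, and naive string comparison gets it wrong (`"2.4.9" > "2.4.10"` as strings). The script below is an added example and not BLOCKBIT code: it compares installed versions against a table of minimum patched versions and orders the results by severity so the patch queue starts with what matters most. The installed list, the minimum-version table and the severity labels are constructed sample data; in practice the first would come from the package manager and the second from a vulnerability feed.

```python
"""Report installed software that is below its minimum patched version,
ordered by severity.

Added example, not BLOCKBIT code. Inventory and advisory data are constructed.
"""
import re

# Constructed: software installed on a host, as a package manager would list it.
INSTALLED = {
    "openssl": "1.1.1k",
    "nginx": "1.18.0",
    "curl": "7.79.1",
    "legacy-erp": "2.4.9",
}

# Constructed: lowest version containing the fix, with the issue's severity.
MINIMUM_PATCHED = {
    "openssl": ("1.1.1n", "high"),
    "nginx": ("1.18.0", "medium"),
    "curl": ("7.79.1", "low"),
    "legacy-erp": ("2.4.10", "critical"),
}

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def version_key(version):
    """Turn '1.1.1k' into a tuple that compares numerically per component.

    Numeric parts become (0, int) and alphabetic parts (1, str), so numbers
    never get compared to letters and '2.4.10' sorts after '2.4.9'.
    Pre-release tags such as 'rc1' are not special-cased here.
    """
    parts = re.findall(r"\d+|[a-zA-Z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p.lower()) for p in parts)


def is_outdated(installed, minimum):
    return version_key(installed) < version_key(minimum)


def outdated_software(installed, minimums):
    """Return findings for every package below its minimum patched version,
    most severe first. Packages with no advisory entry are skipped."""
    findings = []
    for name, version in installed.items():
        if name not in minimums:
            continue
        min_version, severity = minimums[name]
        if is_outdated(version, min_version):
            findings.append({"name": name, "installed": version,
                             "required": min_version, "severity": severity})
    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]])
    return findings


if __name__ == "__main__":
    for f in outdated_software(INSTALLED, MINIMUM_PATCHED):
        print(f'{f["severity"]:8} {f["name"]}: {f["installed"]} -> needs {f["required"]}')
```

Packages already at or above the fixed version produce no finding, which keeps the output to the list an administrator actually has to act on.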
- Manage user activities
Despite technology, every information security event involves a person. Therefore, to mitigate vulnerabilities, it is critical to be aware of users.
There are two ways to accomplish this mission. The first is security awareness. Promote security information campaigns, explaining the existing types of threats, the techniques cybercriminals use, user behaviors that may put the company at risk and, above all, the risks the company itself has mapped. A well-informed user is an ally of the cybersecurity policy.
The second form is technology. It is critical to monitor your users’ frequent activities to determine if they comply with the company’s security policy and industry standards.
Access privilege management is included at this point. Every company needs to identify when there are flaws in their users’ credentials that allow them to access sensitive information.
How to solve these vulnerabilities quickly and accurately?
There are certainly practical ways to mitigate these types of vulnerabilities, intuitively and quickly. Vulnerability and compliance management platforms, such as BLOCKBIT VCM, have been developed for this purpose.
With this type of tool, IT staff can schedule and configure system scans to identify breaches that can be exploited by an attacker – and correct them before a potential incident. The examples above are of really common vulnerabilities that can be fixed with or without a vulnerability management control (but of course, it will be simpler if your company chooses to use the tool).
Beyond that, these products can accelerate the mapping of weaknesses at deeper levels of resource configuration, devices and web applications, apply a vulnerability intelligence database to network resources, and evaluate compliance with industry standards and regulations etc.
How would you prefer to monitor vulnerabilities in your system? With decentralized plans or with integrated controls?