Recent high-profile cybersecurity incidents and the current geopolitical environment have created an extremely dangerous cybersecurity environment. This is a danger that affects every organization – automated attack campaigns are not target-specific.
Many of the factors contributing to this situation stem from an increasing number of vulnerabilities, with thousands of new ones being found each year.The task of protecting tech teams against this rising tide of threats is impossible for teams that are under-resourced.
Yet, in the battle against cybercrime, some of the most effective and most sensible mitigations are sometimes neglected. In this article, we’ll outline why cybersecurity risks have escalated so dramatically – and which easy wins your organization can make for a significant difference in your cybersecurity posture, right now.
Major cyberattacks recently indicate the danger
Due to the rise in vulnerabilities over the past couple years, along with the geopolitical tensions, cybersecurity has never been more important. A company cannot claim that it has impermeable cybersecurity.In recent weeks, we’ve seen non-stop reports of security breaches at Microsoft, Nvidia, Vodafone, and many others.
A group of teenagers belonging to the Lapsus$ group hacked Microsoft’s Cortana voice assistant and the Azure server for developers in March.
Lapsus$, who consists of a group of teenagers, didn’t stop there. Nvidia was also targeted, as the company admitted that sensitive corporate data was leaked, including proprietary information as well as employee credentials. Something similar happened to consumer group Samsung, and to consultancy Globant. All damage caused by just one group of miscreants.
The backdrop to these events
Of course, Lapsus$ is just one active group. There are countless others going after major and minor organizations alike. The list is endless – this February mobile, fixed-line, and TV services were taken offline for a big chunk of Portugal’s population as Vodafone Portugal suffered a major cyber breach. And nobody is spared – in January 2022, the Red Cross was hacked, exposing the personal data of hundreds of thousands of people.
Hacking, intrusions, extorsions… left, right, and center. Where does it end?
Well, it’s not likely to end anytime soon. There’s a steady stream of new vulnerabilities, and by extension, new threats appearing. By 2021, almost 22,000 new vulnerabilities were published on the National Vulnerability Database, an increase of 27% over the count for 2018, just 3 years ago.
Every year the total list of vulnerabilities grows, creating an ever-larger mountain of possible risks. The list of actors with interest in successfully exploiting vulnerabilities isn’t exactly shrinking either, as the latest geopolitical instability adds to the threat.
Mitigation is tough and multi-pronged
A lot of effort goes into fixing the problem – in trying to mount a defense. But as our long list of examples proved, and as this list of major hacks underlines, these defenses don’t always work. It is too easy to under resource, and resources can easily be allocated incorrectly.
The problem is that fighting against cybercrime is a multi-pronged task – you can’t beat cybercriminals by focusing on one or two defensive aspects alone. It needs to be the entire remit, ranging from endpoint security and encryption, through to firewalls and advanced threat monitoring – and on to hardening exercises such as patching and restricted permissions.
All of these components need to be in place and performed consistently, but that’s a big ask when IT teams are struggling for staff resources. In all fairness, it’s impossible to set up a watertight cybersecurity perimeter – if multi-billion-dollar firms can’t do it, it’s unlikely that the typical business will. But some essential parts of vulnerability management are sometimes neglected.
A quick win that’s neglected
According to the Ponemon report, it takes roughly five weeks to fix a vulnerability. Therein lies a major part of the issue. Fixing vulnerabilities through patching is arguably one of the most effective ways to combat cyber threats: if the vulnerability no longer exists, the opportunity to exploit it disappears too.
The need to patch has been mandated at the highest level – including by the Cybersecurity and Infrastructure Security Agency (CISA), which recently published a list of vulnerabilities that must be patched by covered organizations. Similarly, CISA’s recent Shields Up notification also points strongly to patching as a critical step that significantly supports cybersecurity.
Given the relative ease of patching – apply it and it works – patching should be a no-brainer. Patching is an easy win that can easily transform an organization’s cybersecurity posture. A recent study by the Ponemon Institute found that of the respondents that suffered a breach, 57% said it was due to a vulnerability that could have been closed by a patch.
Why patching is held back
We’ve established that patching is effective and attainable – so the question is, what’s holding back patching? There are multiple reasons for that – including, for example, the occasional risk that an untested patch can lead to system failure.
But the most obvious problem is disruption during patching. Patching a system traditionally leads to it being unavailable for some amount of time. It doesn’t matter if you’re patching a critical component like the Linux Kernel or a specific service, the common approach has always been to reboot or restart after deploying patches.
The business implications are significant. Though you can mitigate via redundancy and careful planning, there’s still a risk of lost business, reputational damage, performance degradation, and unhappy customers and stakeholders.
The result is that IT teams have struggled with maintenance windows that are woefully inadequate, often too spread apart to properly react to a threat landscape that can see attacks happen within minutes of the disclosure of a vulnerability.
Actively taking steps against cyber risks
So yes, organizations need to patch consistently as the first step amongst many. There’s a way forward for patching, thankfully, and it’s called live patching technology. Live patching solutions like TuxCare’s KernelCare Enterprise provide a non-disruptive solution to the patching challenge.
By installing patches on running software on the fly, it removes the need for disruptive reboots and restarts – and maintenance windows. There is, therefore, no need to wait to install a patch. What’s more, the automated nature of live patching means that patching windows are virtually eliminated.
It’s essentially instantaneous patch deployment – as soon as the vendor releases a patch, that patch gets applied which reduces exposure and the risk window to the minimum, with zero impact on business activities.
This alternative, effective approach to patching illustrates how there are effective steps to take within the cybersecurity battle – steps that are resource-friendly too. Another simple but effective way to harden systems against cybersecurity threats is MFA. Organizations that are not yet using multi-factor authentication (MFA) should enable it wherever providers offer it.
Quick wins are everywhere
The same goes for other quick wins. Take the principle of least privilege, for example. Simply by instilling a permissions-aware culture into tech teams, organizations can ensure that potential actors have minimal opportunities to enter into systems – and to progress if they do manage to enter. That goes for network segmentation, another resource-friendly but effective tool against the cybercrime threat.
The point is that as much as the cybersecurity threat is just about out of control, there are nonetheless many reasonably easy routes that allow organizations to mount a stronger defense. In other words, ignoring tools such as live patching, MFA, and permissions management simply makes a tough fight much harder. In contrast, jumping on these quick wins can quickly strengthen your cybersecurity posture.
Some sections of this post are sourced from: thehackernews.com