Organizations’ vulnerabilities and proactive mitigation strategies
Today, the acceleration of business digitization has expanded the attack surface, increasing organizations’ vulnerabilities. Most of these vulnerabilities are in internet-facing assets, so by simply scanning the assets or systems, threat actors can discover those that are vulnerable and therefore susceptible to attack.
What do we mean when we talk about vulnerabilities in the systems environment?
A vulnerability is a flaw or weakness in an IT system, security procedure, design, implementation, or internal control that could be exercised (accidentally triggered or intentionally exploited) and would result in a security event. Keeping systems and applications up to date with security patches is one of the most critical tasks facing an IT department.
Two types of vulnerabilities pose a risk to organizations:
- A zero-day vulnerability in a system or device is a vulnerability that is exploited before the vendor discovers how to fix it. Typically, nation-state actors target these vulnerabilities.
- Unpatched vulnerabilities were the most prominent attack vectors exploited by ransomware groups and threat actors alike during 2021. There was a 33% increase in attacks caused by vulnerability exploitation of unpatched software in 2021, representing the cause of 44% of ransomware attacks.
These unpatched vulnerabilities pose a greater threat to organizations than zero-day vulnerabilities because nation-state actors and run-of-the-mill cybercriminals alike target organizations en masse.
But do these vulnerabilities pose a serious problem for organizations? How many vulnerabilities do they face?
- The US-CERT Vulnerability Database, a federally funded research and development center, recorded 18,376 vulnerabilities in 2021, an 11% increase from 2018.
- Attackers with few technical skills can exploit 90% of all vulnerabilities that were uncovered in 2021. Vulnerabilities that require no user interaction accounted for 61% of the total volume.
- Attackers routinely exploit 703 vulnerabilities.
Why are there so many unpatched vulnerabilities, ultimately increasing the organization’s risk?
According to IT operational teams:
- The high volume of vulnerabilities they face and a lack of resources make it difficult to keep up to date with applying patches.
- Lack of visibility into all affected assets and the relevance of those assets to the business creates difficulty in prioritizing what needs to be patched.
- Coordination with other areas to deploy a solution usually takes an average of 12 extra days, increasing risks and costs.
According to business units:
- An efficient and effective vulnerability patching process requires investing time and resources that do not generate value because it can cause the business to have a service interruption during the remediation process.
- The lack of strategies in the vulnerability management process causes an annual cost increase of 21% in large organizations.
Strategies for the vulnerability management process therefore must evolve from a reactive to a proactive approach. Consider the following factors, as appropriate, for your institution:
- Prioritize patching based on the criticality rating of the vulnerability, or proactively patch the vulnerabilities that threat actors are actively exploiting, according to the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities catalog. Vulnerabilities cited in that catalog, and found in internet-facing assets, ideally should be fixed within 24 hours.
- Use process automation to increase efficiency. Tools such as SOAR (Security Orchestration, Automation, and Response) can help in this effort.
- Inventory all hardware and software assets to help improve visibility into assets and their associated vulnerabilities.
- Increase the frequency of proactive asset scanning.
- Raise awareness among business units of the importance of this process to prevent cyberattacks.
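The prioritization rule in the first factor above can be turned into a patch queue. The following is an added example, not code from the original article. Assumptions: the scanner finding fields and the CVE IDs are constructed placeholders, the criticality rating is taken to be a CVSS base score, and only the 24-hour window comes from the article (the other deadlines are illustrative).

```python
import json
from datetime import datetime, timedelta

# Constructed sample in the shape of CISA's KEV JSON feed (placeholder CVE IDs).
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "dateAdded": "2022-01-10"},
  {"cveID": "CVE-0000-0002", "dateAdded": "2022-02-03"}
]}
""")

# Constructed scanner findings; field names are hypothetical, not a real scanner's schema.
FINDINGS = [
    {"asset": "vpn-gw-01", "cve": "CVE-0000-0001", "cvss": 7.5, "internet_facing": True},
    {"asset": "hr-db-02", "cve": "CVE-0000-0002", "cvss": 9.8, "internet_facing": False},
    {"asset": "web-03", "cve": "CVE-0000-0003", "cvss": 9.1, "internet_facing": True},
    {"asset": "build-04", "cve": "CVE-0000-0004", "cvss": 5.3, "internet_facing": False},
    {"asset": "web-03", "cve": "CVE-0000-0002", "cvss": 9.8, "internet_facing": True},
]

# Only the 24-hour window comes from the article; the other windows are assumptions.
SLA_HOURS = {1: 24, 2: 7 * 24, 3: 14 * 24, 4: 30 * 24}

def tier(finding, kev_ids):
    """Map a finding to a patch tier: lower number = patch sooner."""
    exploited = finding["cve"] in kev_ids
    if exploited and finding["internet_facing"]:
        return 1  # actively exploited and reachable from the internet
    if exploited:
        return 2  # actively exploited, internal only
    # Not known to be exploited: fall back to the criticality rating (assumed CVSS).
    return 3 if finding["cvss"] >= 9.0 else 4

def build_patch_queue(findings, kev_feed, detected_at):
    """Return findings sorted by tier, then CVSS, each with a patch deadline."""
    kev_ids = {v["cveID"] for v in kev_feed["vulnerabilities"]}
    queue = []
    for f in findings:
        t = tier(f, kev_ids)
        due = detected_at + timedelta(hours=SLA_HOURS[t])
        queue.append({**f, "tier": t, "due": due})
    return sorted(queue, key=lambda f: (f["tier"], -f["cvss"], f["asset"]))

if __name__ == "__main__":
    for item in build_patch_queue(FINDINGS, KEV_FEED, datetime(2022, 3, 1, 9, 0)):
        print(item["tier"], item["due"].isoformat(), item["asset"], item["cve"], item["cvss"])
```

Note that the internal database with a CVSS of 9.8 lands behind the internet-facing VPN gateway with a CVSS of 7.5, because known exploitation plus exposure outranks the raw score.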