Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 29 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

It’s time to get ahead of weaponised vulnerabilities

The global crisis revealed a multitude of nascent cyber-security shortcomings

by Dr. Jan-Oliver Wagner
July 19, 2021
in Insight
Author headshot
Share on FacebookShare on Twitter

It comes as no surprise that the Covid-19 pandemic has resulted in an increase in security gaps. The global crisis revealed a multitude of nascent cyber-security shortcomings, including a lack of agility to support homeworking and an overreliance on on-premise security. It also created a whole host of new challenges, from scam Covid-related domains to an increase in phishing attacks.

Indeed, the pandemic has seen cyber-crime flourish. In its Annual Review 2020, the UK’s NCSC revealed that GCHQ handled more than 200 cyber incidents related to the coronavirus during the course of last year – almost a third of the total number of incidents it handled over that period. This included more than 160 instances of high-risk and critical vulnerabilities shared with NHS Trusts. Overall, vulnerabilities have exploded in number over this past year, with HackerOne’s 2021 Hacker Report finding that, as more enterprises moved to the cloud, reports of misconfiguration vulnerabilities rose by 310%.

More opportunities for hackers in new digital landscapes

From Zoom’s security gaps to the SolarWinds attack, vulnerabilities have also been a weapon of choice for hackers over the past year as they take advantage of the new digital landscape. Progress is being made in warding off these vulnerability-based attacks – for example, Kenna Security found a falling number of vulnerabilities being exploited, while HackerOne discovered that the number of white hats reporting vulnerabilities to companies increased by 63% in 2020. But organisations must still be alert to the risks of vulnerabilities and their potential for weaponisation.

The growth of vulnerabilities has meant hackers not only have a larger attack surface, but they have also become less predictable in how they select their targets. Indeed, instead of only focusing on vulnerabilities that are currently being weaponised or those that are likely to be, organisations need to be cognisant of other potential risks. The ‘pandemic’ risk for example, which sees cyber criminals taking advantage of a vulnerability that more and more organisations choose not to manage. The fewer organisations that are ‘vaccinated’, the easier the pandemic spreads.

There’s also automation risk. Increasingly, cyber criminals are using automation tools and techniques to exploit vulnerabilities, as it is not only an attractive low-cost route, but it also significantly reduces the time window in which organisations can deploy countermeasures. Being prepared is therefore essential.

Take a proactive approach

While organisations cannot predict how cyber criminals will attack, they can proactively manage their attack surface through cyber resilience.

This is a continuous process which strengthens an organisation’s ability to resist attacks and enables it to continue functioning during an incident. To achieve this state, organisations need to reduce the size and number of targets that hackers can exploit whilst also establishing and maintaining a stable base to bounce back from in the event of an attack.

Identifying and managing all vulnerabilities will help organisations achieve both these goals. The first step in this process is to create a context for IT security policies, determining which systems, assets and processes need to be protected and to what extent, guiding IT on how best to configure security solutions.

The second step is to scan for all current vulnerabilities, targeting any current infrastructure weaknesses. Keeping a vulnerability database is also a good idea, helping IT to prioritise and mitigate the vulnerabilities that need the most urgent attention. It is also important to assign responsibility and accountability when a vulnerability is detected, ensuring that there is a streamlined process in place that will remediate the issue sooner rather than later.

Once the vulnerability has been mitigated, all the key information pertaining to it – including when it was detected, how long it took to resolve and who is accountable – should be recorded for future analysis and attack prevention.

The wider picture

Vulnerability management is important, yet it is still just one of the many steps to achieving complete sustainable cyber resilience. All hidden risks within digital processes must be taken into consideration and made apparent. Companies must also implement airtight processes across an organisation, from the actions that must be taken to training and educating employees – particularly vital in the age of remote-working.

In these challenging times, where operations have been upended and cyber criminals can use the pandemic to their advantage, protecting against existing and potential weaponised vulnerabilities has never been more important.

Contributed by Dr. Jan-Oliver Wagner, CEO and co-founder, Greenbone Networks

 

 

 

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

OneLogin Eases Adoption of Zero Trust Framework with Delegated Administration

Next Post

Preparing for the ever-growing threat of ransomware

Recent News

Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023
Lupovis eliminates false positive security alerts for security analysts and MSSPs

Lupovis eliminates false positive security alerts for security analysts and MSSPs

January 26, 2023
Threat actors launch one malicious attack every minute

Threat actors launch one malicious attack every minute

January 25, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information