Global discussions on vulnerability management are dramatically increasing and taking on a much-needed serious tone. Recent attacks have highlighted the need for global attention on how to reduce the threat, and impact, of future malicious attacks by cyber criminals. If vulnerabilities are not taken care of in a timely fashion, the organization is left exposed and susceptible to compromise or attack. Weak security practices such as not patching known vulnerabilities quickly enough, not limiting privileged access to cloud systems, and leaving infrastructure and endpoints unmanaged are endangering organizations throughout the world.
Last month, in the first part of this three-part blog, we spoke about trends in attack behaviors. We learned that exploits are down, causing new strategies to surface; spyware is as bad as it sounds; business email compromise is on the rise; and IoT is only just emerging and therefore an easy target for attacks. This time, we are discussing what the Cisco 2017 Midyear Cybersecurity Report found to be the three most common vulnerability trends in organizations that threat actors are using to penetrate systems and data.
Vulnerability patching is not happening quickly enough
Malicious actors are actively seeking out insecure databases, operating systems, applications, and other systems exposed on the internet that they can compromise. Take the WannaCry attack, for instance. Threat actors took advantage of a Windows vulnerability on devices that were unpatched. Fortunately, the organizations that had patched the vulnerability the previous month were not at risk of the ransomware. Those that took too long to patch were at risk of the widespread ransomware attack. Patching needs to be treated as a more urgent task throughout organizations.
Many organizations are turning to MSPs for managed patching. An MSP takes the cumbersome tasks off IT staff, freeing up time for revenue-generating projects. It monitors patch updates, tests them, and deploys them to your machines.
Malicious attackers are moving to the cloud
When it comes to enterprise security, the cloud is an area that could be improved upon. The cloud is a new frontier for hackers, and they are exploring it. Cloud systems are mission critical for organizations these days, and hackers recognize the financial gain they could obtain from that. Threat actors realize that they can infiltrate connected systems faster by breaching cloud systems. Open authorization risk and poor management of single privileged user accounts create security gaps that threat actors can easily exploit.
The Cisco report examined the risk posed by third-party cloud applications that employees connect to the organization. “These apps touch the corporate infrastructure and can communicate freely with the corporate cloud and software platforms as soon as users grant access through open authorization.” Take, for example, the phishing campaign that targeted Gmail users. This phishing campaign attempted to infiltrate the OAuth infrastructure. The attack tried to gain control of users’ email accounts and spread the phishing worm to their contacts. Cisco stated that “more than 300,000 corporations were infected by the worm.”
Some of the largest breaches began with the compromise of a single privileged user account. Gaining access to a privileged account can give hackers the virtual keys to the kingdom. Cisco threat researchers examined 4410 privileged user accounts at 495 organizations. They found that “six in every 100 end users per cloud platform have privileged user accounts. Of these though, only two accounts carry the most administrative tasks, meaning over 75 percent of admin accounts could be removed with little or no business impact.”
Hackers have already moved to the cloud and are working relentlessly to breach corporate cloud environments. Make sure you are tightening these factors to strengthen your cloud security.
Unmanaged endpoints and infrastructures
Emerging technology and network dynamics enlarge the attack surface by introducing new risks and gaps. The cloud is a major contributor to this as well. These unmanaged gaps can create huge vulnerabilities. Many companies underestimate the risk of blind spots in their enterprise network, endpoints, and cloud infrastructures. Unmanaged network infrastructure and endpoints can be easily compromised by attackers looking to gain a foothold that will enable them to move laterally within an organization. Even a simple router, network firewall, or segmentation misconfiguration can provide an attacker with an opportunity to penetrate infrastructure and gain access to sensitive data.
To achieve visibility, organizations need access to real-time, context-driven security intelligence. Without solutions that enable real-time monitoring, attackers can successfully move around a network unchecked and undetected. A solution like Unified Security Management can provide actionable threat data that can help your organization achieve greater security intelligence. Our engineers monitor 24/7/365 so that organizations of all sizes can achieve greater visibility and incident response, quickly and easily.
Actions need to be taken, quickly, to tighten security and lessen vulnerabilities within organizations. Even though discussions on vulnerabilities are increasing, action is the only way to achieve a greater security posture and reduce the threats and impact of future malicious attacks.
Tune in next time! We will soon release the third part of this blog series. We will be wrapping it up with a discussion on how organizations of all sizes can take control of their security posture and protect their mission-critical information from the risks and vulnerabilities emerging today and in the future.
In case you missed it…
Part 1: 2017 Trends in Attack behaviors