Between a series of recent high-profile cybersecurity incidents and heightened geopolitical tensions, there has rarely been a more dangerous cybersecurity environment. It is a danger that affects all organizations: automated attack campaigns do not discriminate between targets.
The situation is due in large part to a relentless rise in vulnerabilities, with tens of thousands of new vulnerabilities discovered each year. For technology teams that may already be under-resourced, protecting against this rising tide of threats is an impossible task.
However, in the battle against cybercrime, some of the most effective and sensible mitigations are often neglected. In this article, we describe why cybersecurity risks have escalated so dramatically, and which easy wins your organization can act on right now to make a significant difference to its cybersecurity posture.
Recent major cyber attacks point to danger
Arguably, cybersecurity has never been more important. With vulnerability numbers rising unabated for years, coupled with geopolitical tensions, no company can claim to have defenses that are impervious to penetration. In recent weeks we have seen continuous reports of security breaches at Microsoft, Nvidia, Vodafone and many others.
In March, a group of teenagers belonging to the Lapsus$ group managed to breach Microsoft and steal source code for key products, including its Cortana voice assistant, from an internal Azure development server.
Lapsus$ did not stop there. Nvidia was also hit: the company admitted that sensitive corporate data, including proprietary information and employee credentials, had been leaked. Something similar happened to the electronics group Samsung and the consulting firm Globant. All of this damage was caused by a single group.
The backdrop for these events
Of course, Lapsus$ is just one active group. There are countless others who go after major and minor organizations alike. The list is endless: this February, mobile, fixed-line and TV services went offline for a large part of the population of Portugal after Vodafone Portugal suffered a significant cyber attack. And no one is spared: in January 2022, the Red Cross was hacked, exposing the personal data of hundreds of thousands of people.
Hacking, intrusions, extortion… left, right and center. Where does it end?
Well, it is not likely to end any time soon. There is a constant stream of new vulnerabilities and, by extension, of new threats. For 2021, nearly 22,000 new vulnerabilities were published in the National Vulnerability Database, a 27% increase over the 2018 count, just three years earlier.
Every year the total list of vulnerabilities grows, creating an ever-increasing mountain of possible risks. The list of actors with an interest in successfully exploiting the vulnerabilities isn’t exactly shrinking either, as the latest geopolitical instability adds to the threat.
Mitigation is difficult and multi-pronged
A lot of effort goes into solving the problem and mounting a defense. But as our long list of examples showed, and as this list of top hacks underlines, these defenses do not always work. It is all too easy to underestimate the resources required, and the resources that do exist are easily misallocated.
The problem is that fighting cybercrime means defending on many fronts at once: you cannot beat cybercriminals by focusing on one or two defensive aspects. The whole stack has to be covered, from endpoint security and encryption, to firewalls and advanced threat detection, to hardening measures such as patching and restricting permissions.
All of these components need to be in place and working consistently, but that is a tall order when IT teams are short of staff. To be fair, it is impossible to set up an airtight cybersecurity perimeter: if multi-billion-dollar companies cannot do it, the typical company is unlikely to. But some essential parts of vulnerability management are neglected even though they are within reach.
A quick win that is neglected
According to the Ponemon report, it takes organizations about five weeks on average to fix a vulnerability. Therein lies an important part of the problem. Arguably, fixing vulnerabilities through patching is one of the most effective ways to combat cyber threats: if the vulnerability no longer exists, the opportunity to exploit it disappears with it.
The need to patch has been mandated at the highest level, including by the Cybersecurity and Infrastructure Security Agency (CISA), which recently released a catalog of known exploited vulnerabilities that covered organizations must patch by set deadlines. Similarly, CISA's recent Shields Up advisory also points to patching as a critical step that significantly improves cybersecurity.
Given the relative ease of patching (apply the patch and the vulnerability is closed), it should be a no-brainer. Patching is an easy win that can transform an organization's cybersecurity posture. A recent study from the Ponemon Institute found that, of the respondents who had experienced a breach, 57% said it was due to a vulnerability that could have been closed by a patch that was already available.
Why patching is delayed
We have established that patching is effective and achievable, so the question is: what is holding patching back? There are multiple reasons, including the risk that an untested patch breaks a system or an application.
But the most obvious problem is the interruption caused by patching. Patching a system traditionally makes it unavailable for a period of time. Whether you are patching a critical component like the Linux kernel or a specific service, the common approach has always been to reboot the system or restart the service after the patch is installed, because the vulnerable code already loaded in memory is not replaced until then.
The business implications are significant. Although you can mitigate them through redundancy and careful planning, there is still the risk of lost business, reputational damage, performance degradation, and dissatisfied customers and stakeholders.
The result is that IT teams have struggled with maintenance windows that are woefully inadequate, often too far apart to react in time to a threat landscape in which attacks can begin minutes after a vulnerability is disclosed.
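To make that exposure window concrete, here is an added example (not from the original article, and not TuxCare's or KernelCare's code) of the check a Linux administrator would run to find what is still exposed after packages have been updated but nothing has been rebooted or restarted. It assumes a Debian- or RHEL-style host where installed kernels appear as /boot/vmlinuz-<release> and where the kernel marks mappings of replaced files as "(deleted)" in /proc/<pid>/maps; the sample maps text is constructed for the demonstration, and the function names are the example's own.

```python
"""Find patched-but-still-running code on a Linux host (hypothetical helper; added example).

Two things survive a package update until something restarts:
  * the running kernel, until the host reboots;
  * shared libraries already mapped by a process, until that process restarts.
The kernel marks the second case '(deleted)' in /proc/<pid>/maps, because the
updated file on disk replaced the inode the process still has mapped.
"""
import os
import re
from typing import Dict, Iterable, List, Tuple

# Mappings that show up as '(deleted)' but are not patched code.
_IGNORED_PREFIXES = ("/dev/", "/memfd:")


def kernel_key(release: str) -> Tuple[int, ...]:
    """Turn '5.10.0-21-amd64' into (5, 10, 0, 21) for ordering.

    Only the leading numeric fields are compared; vendor suffixes such as
    '.el8_8' are ignored, so this is a triage check, not a package-manager
    version comparison.
    """
    match = re.match(r"[\d.\-]+", release)
    if not match or not re.search(r"\d", match.group(0)):
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(part) for part in re.findall(r"\d+", match.group(0)))


def kernel_reboot_pending(running: str, installed: Iterable[str]) -> bool:
    """True when a kernel newer than the running one is installed on disk."""
    newest = max(installed, key=kernel_key)
    return kernel_key(newest) > kernel_key(running)


def stale_mappings(maps_text: str) -> List[str]:
    """Return file paths mapped by a process whose on-disk file has been replaced.

    Each /proc/<pid>/maps line is: address perms offset dev inode [pathname],
    and pathname gains a ' (deleted)' suffix when the mapped inode is unlinked.
    """
    stale: List[str] = []
    for line in maps_text.splitlines():
        fields = line.split(maxsplit=5)
        if len(fields) < 6 or not fields[5].endswith("(deleted)"):
            continue
        path = fields[5][: -len("(deleted)")].strip()
        if path.startswith("/") and not path.startswith(_IGNORED_PREFIXES) and path not in stale:
            stale.append(path)
    return stale


def scan_host() -> Dict[str, object]:
    """Run both checks against the live host (Linux only; root to read every process)."""
    report: Dict[str, object] = {"kernel_reboot_pending": None, "stale_processes": {}}
    installed = []
    if os.path.isdir("/boot"):
        installed = [n[len("vmlinuz-"):] for n in os.listdir("/boot") if n.startswith("vmlinuz-")]
    if installed:
        report["kernel_reboot_pending"] = kernel_reboot_pending(os.uname().release, installed)
    stale_by_pid: Dict[int, List[str]] = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/maps", encoding="utf-8", errors="replace") as fh:
                stale = stale_mappings(fh.read())
        except OSError:  # process exited, or not ours to read
            continue
        if stale:
            stale_by_pid[int(pid)] = stale
    report["stale_processes"] = stale_by_pid
    return report


# Constructed excerpt of /proc/<pid>/maps after libssl was updated on disk
# (not captured from a real host).
SAMPLE_MAPS = """\
55d2f8a00000-55d2f8a2c000 r--p 00000000 fd:01 263440                     /usr/sbin/nginx
7f3b2c000000-7f3b2c1c5000 r-xp 00000000 fd:01 1311749                    /usr/lib/x86_64-linux-gnu/libssl.so.3 (deleted)
7f3b2c1c5000-7f3b2c1c9000 r--p 001c5000 fd:01 1311749                    /usr/lib/x86_64-linux-gnu/libssl.so.3 (deleted)
7f3b2c400000-7f3b2c401000 rw-s 00000000 00:01 2052                       /dev/zero (deleted)
7f3b2c500000-7f3b2c600000 rw-p 00000000 00:00 0                          [heap]
7ffd1a2b0000-7ffd1a2d1000 rw-p 00000000 00:00 0                          [stack]
"""

if __name__ == "__main__":
    print("sample stale mappings:", stale_mappings(SAMPLE_MAPS))
    print("reboot pending (sample):",
          kernel_reboot_pending("5.10.0-21-amd64", ["5.10.0-21-amd64", "5.10.0-23-amd64"]))
    if os.path.isdir("/proc/self"):
        print("live host:", scan_host())
```

On a real host the same two signals are what the distribution tooling reports: `needs-restarting -r` (yum-utils/dnf-utils on RHEL-family systems) for a pending kernel reboot and plain `needs-restarting` for processes holding replaced libraries, or the `/var/run/reboot-required` flag file and `checkrestart` from debian-goodies on Debian and Ubuntu. A process that still shows the old library mapped is exactly as exploitable as it was before the package update; that, rather than the download of the patch, is the window the five-week figure measures.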
Taking active measures against cyber risks
So yes, organizations should consistently apply patches as the first step among many. Thankfully there is a way forward for patching, and it is called live patching. Live patching solutions such as TuxCare's KernelCare Enterprise provide a non-disruptive answer to the patching challenge.
By patching running software in memory, live patching removes the need for disruptive reboots, service restarts and maintenance windows. There is therefore no reason to wait before installing a patch, and because deployment is automated, the gap between patch release and patch application all but disappears.
It is essentially instant patch deployment: as soon as the vendor releases a patch, that patch is applied, reducing exposure and the window of risk to a minimum, with no service interruption.
This alternative approach to patching illustrates that there are effective, resource-friendly steps to take in the cybersecurity battle. Another simple yet effective way to harden systems against threats is multi-factor authentication (MFA): organizations that do not already use it should enable it wherever their providers offer it.
Quick wins are everywhere
The same goes for other quick wins. Take the principle of least privilege, for example. Simply by instilling a permission-aware culture in technology teams, organizations can ensure that attackers have minimal opportunities to break into systems, and minimal room to move further if they do get in. The same applies to network segmentation, another effective yet resource-friendly tool against cybercrime.
The point is that, although the cybersecurity threat can seem almost out of control, there are plenty of reasonably easy paths that allow organizations to mount a stronger defense. In other words, ignoring tools like live patching, MFA and permissions management only makes a difficult fight that much harder. Conversely, seizing these quick wins can quickly strengthen your cybersecurity posture.