In the third quarter of 2017, 5,973 detections of unique exploits (malware that exploits holes in computer systems) were recorded, an average of 153 per company. 79% of companies suffered severe attacks, as in the case of the data breach at the US credit reporting agency Equifax, which exposed the personal information of around 145 million consumers.
In addition, 14,904 unique variants of malware belonging to 2,646 different families were recorded, of which 25% were mobile, and 22% were ransomware.
The first way to prioritize is to understand which vulnerabilities are most likely to be targeted. Knowing which exposures attackers mainly probe helps determine which assets need patching first. The first rule, therefore, is to prioritize managing these vulnerabilities in the controls used to protect IT assets.
It also helps to understand that successful attacks are more likely to recur. When a breach occurs, look at the attack vectors and check whether your network has the same exposure. If so, it becomes essential to reduce that exposure or eliminate it.
Perform Risk Assessments
To address vulnerabilities effectively, it is essential to perform a risk assessment and find out where defenses need strengthening. According to ISACA (Information Systems Audit and Control Association), the aim is to understand the existing system and environment, then identify risks by analyzing the information and data collected.
The priority, therefore, is to start collecting the relevant information, beginning with a complete inventory of physical assets, including network infrastructure, laptops/desktops, IoT, data management systems, and other connected devices, without excluding security solutions such as firewalls, intrusion detection systems, and network monitoring tools.
Once you’ve cataloged all the applications and services running on your network, you must understand what information about network components, applications, and services is publicly available. This information can be collected automatically with various tools, such as a SIEM solution. Finally, you should cross-check this information with compliance requirements that define minimum security controls and any documented or informal policies, procedures, or guidelines. Once this information is gathered, several tasks need to be performed:
- Identify short- and long-term business goals that impact IT and security.
- Review existing standard security policies, guidelines, protocols, and procedures.
- Analyze company assets to determine potential threats and vulnerabilities.
- Evaluate physical protections for computing components and networks.
- Analyze security appliances, remote access systems, and AAA devices and compare them against network and business requirements.
- Assess the current level of security awareness and employee engagement.
- Review security agreements with vendors, contractors, and cloud and service providers.
After taking these first steps, you can start developing and updating your existing security and risk management strategies and technologies.
Fighting The New Normal
Organizations, especially those undergoing digital transformation, must reassess cybersecurity hygiene and identify emerging risks. However, as the volume, velocity, and automation of attacks continue to increase, it’s also increasingly important to align your patch prioritization schedule with what’s happening worldwide.
A risk assessment of the environment will help counter what is now the new normal: widespread, pervasive digitization that leaves the company constantly exposed to multiple types of attacks. Starting with the best practices outlined helps you create a flexible security strategy that can adapt and protect your business as today’s threat landscape changes.