With a string of high-profile cyberattacks and rising geopolitical tensions there has never been a more hazardous cybersecurity environment. This is a threat that can affect every company – automated attacks don’t differentiate between targets.
The situation is driven in large part by a relentless rise in vulnerabilities, with tens of thousands of brand-new vulnerabilities discovered every year. For tech teams that are probably already under-resourced, guarding against this rising tide of threats is an impossible task.
But sometimes the best and most practical mitigations in cybercrime prevention are overlooked. We’ll discuss why cybersecurity threats have escalated so rapidly – and what easy wins you can take to improve your organization’s cybersecurity posture right away.
Recent major cyberattacks highlight the danger
Cybersecurity has arguably never been more important. With an increase in vulnerabilities that has continued unabated for years, and with rising geopolitical tensions, it is impossible for any company to claim that its cybersecurity is immune from penetration. In recent weeks, we’ve seen non-stop reports of security breaches at Microsoft, Nvidia, Vodafone, and many others.
In March, teenagers from the Lapsus$ group managed to hack Microsoft and steal key product source code, including code for the Cortana voice assistant and internal Azure developer servers.
Lapsus$ is a teenager-led group, but it didn’t end there. Nvidia was also targeted: the company admitted that sensitive corporate data was leaked, including proprietary information as well as employee credentials. Something similar happened to consumer group Samsung and to consultancy Globant. That is the extent of the damage done by a single group of miscreants.
The backdrop for these events
Of course, Lapsus$ is just one active group; many others target both major and minor organizations. And nobody is spared – in January 2022, the Red Cross was hacked, exposing the personal data of hundreds of thousands of people.
Hacking, intrusions, extortion… left, right, and center. Where does it end?
Well, it’s not likely to end anytime soon. There’s a steady stream of new vulnerabilities and, by extension, new threats appearing. In 2021, almost 22,000 new vulnerabilities were published to the National Vulnerability Database, an increase of 27% over the count for 2018, just three years earlier.
Every year, the number of vulnerabilities increases. This creates a mountain of potential risks. The list of actors with interest in successfully exploiting vulnerabilities isn’t exactly shrinking either, as the latest geopolitical instability adds to the threat.
Mitigation is tough and multi-pronged
A lot of work goes into solving the problem and trying to build a defense. These defenses do not always work, as the long list of examples shows. It is too easy to under-resource, and resources can easily be allocated incorrectly.
Fighting cybercrime has many facets, and you can’t defeat cybercriminals if you focus on only one of them. A defense must cover the whole remit: encryption and endpoint security, firewalls, advanced threat monitoring, and hardening activities such as patching or restricting access.
All of these components must be present and executed consistently. That is a huge task when IT departments are short on staff. In all fairness, it’s impossible to set up a watertight cybersecurity perimeter – if multi-billion-dollar firms can’t do it, the typical business is unlikely to. But some essential parts of vulnerability management are sometimes neglected.
A quick win for
According to the Ponemon report, it takes roughly five weeks to fix a vulnerability. This is the core of the problem. Fixing vulnerabilities through patching is arguably one of the most effective ways to combat cyber threats: if the vulnerability no longer exists, the opportunity to exploit it disappears too.
The need to patch has been mandated at the highest level – including by the Cybersecurity and Infrastructure Security Agency (CISA), which recently published a list of vulnerabilities that must be patched by covered organizations. Similarly, CISA’s recent Shields Up notification also points strongly to patching as a critical step that significantly supports cybersecurity.
Given the relative ease of patching – apply it and it works – patching should be a no-brainer. Patching alone can transform an organization’s cybersecurity. A recent study by the Ponemon Institute found that of the respondents that suffered a breach, 57% said it was due to a vulnerability that could have been closed by a patch.
Why is patching delayed?
We’ve established that patching is effective and attainable – so what’s holding it back? There are multiple reasons, including the occasional risk that an untested patch can lead to system failure.
But the disruption caused by patching is the biggest problem. Patching a system traditionally leaves it unavailable for some amount of time. Whether you’re patching a critical component like the Linux kernel or a specific service, the common approach has always been to reboot or restart after deploying patches.
The business implications are significant. Although you may be able to mitigate the risk through redundancy or careful planning, your business can still suffer reputational and performance damage, as well as losing customers and other stakeholders.
The result is that IT teams struggle with maintenance windows that are woefully inadequate, often spaced too far apart to react properly to a threat landscape in which attacks can happen within minutes of a vulnerability being disclosed.
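The exposure window described above is measurable: a host whose running kernel is older than the newest kernel installed on disk has a fix waiting that is not yet active. The following check is an added example, not TuxCare, KernelCare or any distribution’s code; it assumes Debian/Ubuntu- or RHEL-style release strings (for example `5.15.0-67-generic`) and `/boot/vmlinuz-<release>` image names.

```python
"""Report whether a Linux host still runs a kernel older than the newest
one installed, i.e. whether a reboot (and the exposure window until it)
is pending. Hypothetical helper for defenders; not vendor code."""
import glob
import os
import platform
import re
from typing import Iterable, List, Tuple


def version_key(release: str) -> Tuple[int, ...]:
    """Map a kernel release string to an integer tuple for comparison.
    Only the leading digits/dots/dashes are used, so '5.15.0-67-generic'
    becomes (5, 15, 0, 67) and the flavour or arch suffix is ignored."""
    match = re.match(r"[\d.\-]+", release)
    if not match:
        return ()
    return tuple(int(n) for n in re.findall(r"\d+", match.group(0)))


def newest_installed(installed: Iterable[str]) -> str:
    """Return the highest-versioned release among the installed kernels."""
    return max(installed, key=version_key)


def reboot_pending(running: str, installed: Iterable[str]) -> bool:
    """True when a kernel newer than the running one is installed on disk.
    Until the host reboots into it, that kernel's fixes are not active."""
    installed = list(installed)
    if not installed:
        return False
    return version_key(newest_installed(installed)) > version_key(running)


def installed_kernels(boot_dir: str = "/boot") -> List[str]:
    """Collect release strings from /boot/vmlinuz-<release> image names."""
    prefix = "vmlinuz-"
    return [os.path.basename(p)[len(prefix):]
            for p in glob.glob(os.path.join(boot_dir, prefix + "*"))]


def main() -> None:
    running = platform.release()  # same string as `uname -r`
    installed = installed_kernels()
    if reboot_pending(running, installed):
        print(f"REBOOT PENDING: running {running}, newest installed "
              f"{newest_installed(installed)}")
    else:
        print(f"OK: running kernel {running} is the newest installed")


if __name__ == "__main__":
    main()
```

On a live-patched host the running release string does not reflect fixes applied in memory, so this check alone overstates the gap there; use the live-patching tool’s own status output for those systems.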
Actively taking steps against cyber risks
Organizations need to patch regularly as a first step. There’s a way forward for patching, thankfully, and it’s called live patching technology. Live patching solutions like TuxCare’s KernelCare Enterprise provide a non-disruptive solution to the patching challenge.
By installing patches into running software on the fly, live patching removes the need for disruptive reboots and restarts – and for maintenance windows. There is no longer any need to wait before a patch can be installed. What’s more, the automated nature of live patching means that patching windows are virtually eliminated.
It’s essentially instantaneous patch deployment: as soon as the vendor releases a patch, that patch gets applied, which reduces exposure and the risk window to a minimum, with zero impact on business activities.
This alternative method of patching shows that there are steps you can take in the cybersecurity fight that are both effective and resource-friendly. Another simple but effective way to harden systems against cybersecurity threats is MFA. Organizations that are not yet using multi-factor authentication (MFA) should enable it wherever providers offer it.
Quick victories are all around
The same applies to other quick wins. Take the principle of least privilege, for example. Organizations can instill a culture of permissions awareness within their tech teams to ensure that potential attackers have very few opportunities to access systems, and that they are unable to move any further if they do manage to get in. Network segmentation is another effective and resource-friendly tool against cybercrime.
The point is that, as much as the cybersecurity threat is just about out of control, there are nonetheless many reasonably easy routes that allow organizations to mount a stronger defense. Ignoring tools like live patching and MFA is simply not worth it. These quick wins can be a great way to strengthen your cybersecurity position.