It’s Halloween again, time for ghosts, goblins, witches, and the TV special “It’s the Great Pumpkin, Charlie Brown”. Most trick-or-treaters are harmless, and in fact it’s kind of fun to dress up and go trick-or-treating. I’ll be strapping on my Lederhosen this year and going out as an attendee at Oktoberfest.
Unfortunately, cyber criminals do not dress up in costumes, come to your IT front door, and ring the bell saying “trick or treat”. They take the “trick” approach: they look for an open window or back door (an unpatched security vulnerability), exploit it, and walk off with the whole bucket of treats. In fact, almost half (41% to be exact) of all breaches result from the exploitation of a software vulnerability. The specter of a security breach haunts many of us, so what can be done to avoid falling victim to this nasty trick? I would recommend 3 things:
1) Keep watch and guard the front door. Visibility into your IT infrastructure is essential, and so is staying on top of vulnerability scanner data (even though there’s usually a ton of it). Remember that a scanner can only report on hosts it has been pointed at, so the scan report alone never tells you what you missed. Discovery solutions help by eliminating those blind spots, such as servers that have never been scanned (or have not been scanned in months) and may contain weaknesses you do not know about: reconcile the discovered inventory against scanner coverage and treat every gap as an unknown risk. Solutions that bridge the “SecOps” gap between Security and Operations, and give each group visibility into what the other is doing, also help.
2) Close your doors and windows. Act on scanner data: prioritize, then patch rapidly. On average, organizations take 84 days to patch a vulnerability, but attackers exploit one in only 30 days. That leaves a 54-day window of vulnerability in which the flaw is known, is being exploited, and is still unpatched. Other studies show that the “average” organization has fixed only 61% of its exposures within that 84-day timeframe, meaning that up to 39% of its vulnerabilities remain open past the point where exploitation is routine. The “above average” organization (better than 75% of its peers) completed 94% of its patching within the 84 days. Many of these have deployed more up-to-date vulnerability management and server automation solutions to achieve that result.
3) Stay ahead of the threat. Be proactive, not reactive. According to the Ponemon Institute, 60% of organizations are focused on response, not prevention. This is because they are overwhelmed, and the number of vulnerabilities continues to grow each year. In fact, the number of disclosed vulnerabilities doubled in 2017. Did your staff? I doubt it. And even if you could double your staff each year, there is a shortage of skilled cybersecurity labor. The answer is automation: vulnerability management tooling that ingests and prioritizes scanner data, and server and network automation that deploys patches and configuration changes without waiting on a person to type each one.
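To make steps 1 and 2 concrete, here is a small worked example, added to this post and not BMC code, that reconciles a discovery inventory against scanner coverage (the blind spots of step 1) and then measures the patch backlog against the 84-day patch time and 30-day exploitation time quoted above (step 2). Every host name, date and finding id is constructed sample data, and the field names (host, severity, first_seen, fixed_on, last scan date) are assumptions for the example; map your own scanner’s export onto them.

```python
"""Reconcile a discovery inventory with scanner coverage and measure patch latency.

Added example written for this post, not BMC code. All hosts, dates and
finding ids below are constructed sample data; the field names (host,
severity, first_seen, fixed_on) are assumptions, so map your scanner's export
onto them. Thresholds default to the 84-day patch time and 30-day
exploitation time quoted in the post.
"""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

AS_OF = date(2018, 10, 31)  # reporting date for the constructed data

# Constructed discovery output: every host the organization knows it owns.
INVENTORY = ["web-01", "web-02", "db-01", "jump-01", "legacy-app-07"]

# Constructed scanner output: date of the last completed scan per host.
# legacy-app-07 is missing entirely; jump-01 has not been scanned for months.
LAST_SCANNED = {
    "web-01": date(2018, 10, 20),
    "web-02": date(2018, 10, 20),
    "db-01": date(2018, 10, 19),
    "jump-01": date(2018, 7, 1),
}

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass
class Finding:
    host: str
    finding_id: str                   # constructed ids, not real CVE numbers
    severity: str                     # one of SEVERITY_RANK
    first_seen: date                  # first scan that reported it
    fixed_on: Optional[date] = None   # None means still open


# Constructed findings mixing fixed, open, fresh and long-overdue items.
FINDINGS = [
    Finding("web-01", "F-1", "critical", date(2018, 7, 1), date(2018, 8, 1)),
    Finding("web-01", "F-2", "high", date(2018, 6, 1), date(2018, 9, 30)),
    Finding("web-02", "F-3", "medium", date(2018, 10, 15)),
    Finding("db-01", "F-4", "critical", date(2018, 9, 1)),
    Finding("jump-01", "F-5", "high", date(2018, 7, 15)),
    Finding("db-01", "F-6", "low", date(2018, 10, 25)),
]


def unscanned_hosts(inventory, last_scanned, as_of, max_age_days=30):
    """Step 1, guard the door: find inventory hosts the scanner has no fresh
    view of. Returns (never_scanned, stale) as sorted lists."""
    never = sorted(h for h in inventory if h not in last_scanned)
    stale = sorted(
        h for h, scanned in last_scanned.items()
        if h in inventory and (as_of - scanned).days > max_age_days
    )
    return never, stale


def remediation_metrics(findings, as_of, sla_days=84, exploit_days=30):
    """Step 2, close the windows: how much of the backlog was fixed inside
    sla_days, and which open findings are older than exploit_days.

    A finding counts toward the SLA figure only once its outcome is known:
    it was fixed (inside or outside the SLA) or it is open and already
    older than sla_days. Younger open findings are pending, not failures.
    """
    due = fixed_within_sla = 0
    exposed: List[Tuple[str, str, int, str]] = []
    for f in findings:
        age = ((f.fixed_on or as_of) - f.first_seen).days
        if f.fixed_on is not None:
            due += 1
            if age <= sla_days:
                fixed_within_sla += 1
        elif age > sla_days:
            due += 1  # open and past the SLA: a known miss
        if f.fixed_on is None and age > exploit_days:
            # Still open after the typical time-to-exploit: inside the
            # window of vulnerability the post describes.
            exposed.append((f.host, f.finding_id, age, f.severity))
    # Patch order: worst severity first, then oldest first.
    exposed.sort(key=lambda e: (SEVERITY_RANK[e[3]], -e[2]))
    return {
        "due": due,
        "fixed_within_sla": fixed_within_sla,
        "pct_within_sla": 100.0 * fixed_within_sla / due if due else 100.0,
        "exposed": [(h, fid, age) for h, fid, age, _ in exposed],
    }


if __name__ == "__main__":
    never, stale = unscanned_hosts(INVENTORY, LAST_SCANNED, AS_OF)
    print("never scanned:", never, "| stale scans:", stale)
    m = remediation_metrics(FINDINGS, AS_OF)
    print(f"{m['fixed_within_sla']}/{m['due']} fixed within SLA "
          f"({m['pct_within_sla']:.1f}%)")
    for host, fid, age in m["exposed"]:
        print(f"  patch next: {fid} on {host}, open {age} days")
```

On the constructed data the coverage check flags legacy-app-07 (never scanned) and jump-01 (last scan 122 days old), and the backlog check reports 1 of 3 decided findings fixed within 84 days, with the two open findings older than 30 days ordered critical first. The point of separating “pending” from “missed” in the SLA figure is that a report which counts fresh open findings as failures makes the team look worse than it is, while one that ignores open findings altogether hides exactly the 54-day window the post is about.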
Focusing on these 3 key things is a big step forward in managing the vulnerabilities your organization faces, and could enable you to turn the tables on an attacker. Have a look at this short white paper to learn more about how BMC can help you manage security vulnerabilities, compliance, and remediation.
Wouldn’t it be a treat if this year, the hackers would fall victim to your security tricks, and be kept outside your front door instead of coming inside?
These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.