Cybersecurity is a journey, not a destination. Protecting your networks from harm requires continuous vigilance against sophisticated threats targeting a wide variety of attack surfaces. Rather than trying to build a static fortress to keep all of them out, it’s more practical to keep reassessing the moat around it, ideally in tandem with a trusted IT security solutions provider.
Why seek external help with security? The short answer is that effective oversight and remediation require significant time and money that many companies lack. Due to shorthanded technical teams and widespread budgetary constraints, many known vulnerabilities go unclosed while new ones go undetected.
A 2017 study by Enterprise Management Associates found that three-quarters of cybersecurity professionals felt overwhelmed by the amount of necessary vulnerability maintenance in their organizations. The specific issues found in many modern networks, which are serious but usually solvable, reflect this widespread difficulty in channeling sufficient resources toward pressing problems.
Let’s dive into three of these prominent challenges.
1. Unpatched third-party software
You probably wouldn’t drive a car that had a publicly documented history of major defects. However, a similar situation is commonplace with business applications, many of which are rife with known yet unpatched vulnerabilities.
WordPress plugins are notorious in this respect, as are snippets of code pulled from random developers on GitHub or online forums, according to Toptal. These components may be active in production systems for years despite having known vulnerabilities.
Always verify any new code or software entering your organization, especially if it was produced by a third party. Working with a trusted partner like LaSalle Solutions can further shore up your security posture by ensuring you have the most up-to-date IT infrastructure.
2. Outdated infrastructure
When vendors began issuing patches for the recently discovered Meltdown/Spectre CPU vulnerabilities, many end users noticed their PCs and servers slowing down. The drop-off was most pronounced on older devices with less efficient processors running Microsoft Windows 7 and 8, along with servers with significant I/O workloads. Users had to choose between a significant slowdown and the risk of having their sensitive data intercepted by malware.
One lesson here is that aging IT assets can become major liabilities. Even if they aren’t specifically compromised by advanced attacks (e.g., the WannaCry ransomware that exploited a legacy version of the Server Message Block protocol), their performance deteriorates over time, and the overhead added by patches and updates slows them down further. Plus, they naturally lack the built-in protective features of newer tech.
Plan your asset lifecycle management processes in advance and take advantage of IT refresh programs so that you aren’t saddled with risky assets. For example, LaSalle Solutions can help you find a leasing strategy that makes technical as well as financial sense.
3. Out-of-date and unpatched applications and devices
Single-factor passwords are among the biggest precipitators of data breaches. Eight in 10 hacking incidents involve a stolen or easily guessed password, according to the 2017 Verizon Data Breach Investigations Report.
It’s not just end users who fail to protect their accounts. Some routers, switches and storage devices are set up and configured without any changes to their default login credentials, while others contain hardcoded passwords that in theory could be entered by attackers to access the network.
Implement strong passwords wherever possible. Use established authentication frameworks that don’t leak details such as session IDs. Moreover, deploy multi-factor authentication so that leaked data alone isn’t enough for an outsider to log in.
Modern Security Requires the Right Partner
Cybersecurity is increasingly a collaborative process between customers and vendors. LaSalle Solutions can provide the consultative expertise, network architecture design and ongoing review needed to defend your network.