The US Cyber Security Agency (CISA) recently released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Microsoft Windows and Windows Remote Desktop Protocol (RDP). Vulnerability management can help organizations get a handle on such vulnerabilities.
Consequently, Microsoft released fixes for 50 security vulnerabilities in the Windows operating system, creating yet another scramble by IT professionals to patch their computer systems.
Part of what Microsoft fixed in the updates released was what is regarded as a major crypto-spoofing bug that affected Windows 10 users.
A key point is to realize that this particular vulnerability could allow a cyber criminal or hacker to spoof a code-signing certificate, vital to validating executable programs in Windows, and make it appear as if an application was from a trusted source.
Keep in mind that in technology terms, spoofing is defined as a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver.
To put it another way, when this vulnerability is exploited and code-signing certificates are spoofed, the operating system will find it difficult to tell the difference between malware and Microsoft software.
What does this mean for your organization?
Generally speaking, every Microsoft Windows device relies on trust established by code-signing security certificates, and these certificates act as machine identities. Therefore, any break in the process of creating these identities, through spoofing or so-called man-in-the-middle attacks, for example, could allow anyone to create software that looks legitimate.
One point often overlooked is that since many small business environments do not have the ability or technical personnel to patch systems effectively, bad guys can evade anti-malware protection and even Microsoft’s own checks and balances by exploiting un-patched vulnerabilities.
This is more critical because there are hundreds of entities known as “certificate authorities” installed in the Windows operating system and many organizations are completely unaware of the number of certificates on their systems.
Imagine a malicious actor having full rein on those certificates.
In addition, the older the computer system and the operating systems running on them, the higher the possibility that these systems, many of which are critical systems will not get patched. Especially now that Windows 7, Server 2008, and Server 2008 R2 have received their final public patch release as of January 14, 2020.
How Difficult is Vulnerability Management?
Vulnerability management or patching is hard work. It takes a lot of time, technical know-how, and patience. And if not done properly, a botched patch can disrupt the computer network resulting in considerable downtime and loss of revenue.
All things considered, it is the sheer volume of patches that usually have small business owners overwhelmed.
For example, on January 14, 2020, Cisco issued 14 patches for flaws across its products, including 12 medium-severity flaws and two high-severity flaws that could allow an unauthenticated, remote attacker to bypass endpoint authentication and execute arbitrary actions with administrative privileges on targeted devices.
For its part, Microsoft released fixes for 50 security vulnerabilities in the Windows operating system, as mentioned above.
Similarly, Oracle Corporation released patches for over 300+ bugs in its January 2020 quarterly critical patch update advisory.
That is a lot for an organization to handle, especially organizations with no experienced technical staff.
This is especially true for small organizations who do not have dedicated IT staff to analyze, research and test patches before they are applied to production systems. In some instances, attackers have successfully exploited vulnerabilities because targeted customers had failed to apply available patches.
A major part of the problem is that some security updates require manual intervention before they are installed. As a result, we have found that in businesses and organizations that rely solely on Windows update to automatically apply patches, a lot of those updates are never applied.
Under these circumstances, we recommend that businesses who lack the technical expertise to implement an effective vulnerabilities in their environments should outsource the problem to a vulnerability management service provider.
What is Vulnerability Management?
Vulnerability management is the process of identifying, classifying and handling vulnerabilities. A comprehensive vulnerability management system promotes consistent processes for dealing with a wide spectrum of cyber threats.
Vulnerability management is therefore, a security practice specifically designed to proactively mitigate or prevent the exploitation of IT vulnerabilities which exist in a system or organization. It is an integral part of computer and network security and is practiced together with risk management as well as other security practices.
Benefits of Vulnerability Management
In the event that a professional organization is managing vulnerabilities in your computer environment, there is a certain assurance regarding system stability and security that comes with it.
Furthermore, instead of your computer systems missing critical updates or not being patched in a timely manner, relevant fixes (patches) are applied in a timely manner on your behalf by dedicated technology personnel who are experts in cyber security and computer management.
Another key point is that vulnerability management also applies to your employees with laptops who are constantly on the road, or working remotely. As long as they have Internet access, patches can be installed as soon as they become available, after they are tested for stability.
How Tech Prognosis Can Help
In the final analysis, our vulnerability management system can help your organization analyze weaknesses in your computer network and work with you to determine remediation steps:
- Based on your businesses processes, we will create a customized patch maintenance plan that is in line with Microsoft’s Patch Tuesday schedule.
- Our technician will perform maintenance tasks after business hours as a strategic move to minimize disruptions to clients and employees.
- When a computer system or device needs patching, the update is applied as needed.
More important however, is that we make sure the system is working properly through continuous monitoring.
What is involved?
The vulnerability management process is made up of different components, and these include:
- Patch management
- Security policy Implementation
- The use of technical controls
- Periodic security assessments
- The encouragement of the application of security best practices
In any event, while a lot of the leaders of small organizations may see vulnerability management as something that is only suitable for larger corporations, nothing can be further from the truth.
Hackers and threat actors with malicious intent do not care about the size of the organization. Businesses don’t need to be massive corporations or have super sensitive information to be frequent targets of cyber attacks.
Indeed, small organizations are increasingly becoming the favorite target of cyber criminals. As an illustration, recent cybersecurity statistics from Verizon show that, despite their size, small businesses account for the majority of data breaches (58%).
The security of your organization is important and any competitive advantage that can be had by using third-party resources to secure the organization should be explored.
If you have any questions about how to implement vulnerability management in your organization in Round Rock and surrounding cities, contact us at (512) 814-8044 or use this form.