This is the first installment in a 4-part blog series on cyber-security, sponsored by our partner Meriplex, and their Director of Information Security, Andres Ruz.
Ransomware attacks are growing more than 350% annually. In 2019 alone, ransomware attacks in the United States cost government and industry over $7.5 billion. These attacks are becoming more sophisticated and are causing more downtime, which now lasts an average of 16 days, up from 12 days last year.
No organization is immune from the threat of ransomware. When you are hit with such an attack, the malware infects your systems and locks you out of your own data. You’ll likely be faced with a difficult dilemma: spend weeks or possibly months repairing and restoring your systems – suffering the downtime and costs that would entail – or simply pay the ransom. Too often, paying the bad guys is the least expensive option.
You can’t protect what you can’t see
One of the biggest challenges in dealing with cyber-attacks is that vulnerability is never static. New vulnerabilities in IT systems are constantly emerging, creating new cyber-threats. These new vulnerabilities emerge when networks, applications, databases, hardware, and other solutions are upgraded or newly added to your IT ecosystem. These may become vulnerable due to misconfigurations, software defects, or simply because a “proper” configuration creates a safety risk no one thought of before.
Ransomware is designed to slip unnoticed past your security controls and exploit these vulnerabilities. It often utilizes trusted processes, such as email attachments designed to look like legitimate company documents. Employees unknowingly click on and download the attachments, and the hackers are in. The ransomware harnesses your internal systems, encrypting files and disabling backup and recovery processes before your IT security team knows what’s happening. The ransomware may even sit undetected for months, waiting for your systems to become sufficiently vulnerable.
To protect themselves, organizations of all types need to employ a robust vulnerability management program (VMP).
VMPs reduce information security risk
Vulnerability management programs (VMPs) identify, prioritize, and remediate vulnerabilities before attackers can exploit them. They use a proactive, calculated approach to continuously scan enterprise assets for any possible vulnerabilities. Once these are discovered, the Information Security Team needs to plan their remediation. These programs can also perform continuous assessments of the current state of your enterprise cybersecurity.
Requirements of a successful VMP
A reliable VMP, one that lets you sleep soundly at night without worrying about ransomware or other types of cyber-attacks, is no longer optional in today’s cyber-threat landscape. It’s essential. So, what does reliable look like? Well, any VMP you can trust to protect your data must have the following capabilities:
Discovery
It is very difficult to protect assets you don’t even know you have. For this reason, the ability to maintain a comprehensive and up-to-date asset inventory is a fundamental component of any VMP. Your VMP must be able to create a list of all computing assets on your network. And since this list will constantly change, your VMP should be able to keep that list current through regular updates.
Asset Organization
In addition to having an accurate and up-to-date inventory of all assets on your system, it is equally important to classify your assets by purpose, function, location, and so on. Having your assets organized in a systematic way enables rapid remediation of vulnerabilities by providing insight into the type and quantity of assets affected.
Assessment
In addition to discovering and cataloging your assets, the VMP must do something even more important: assess them for vulnerabilities. Comprehensive assessments will not only seek out vulnerabilities, but should also identify any issues with regard to the organizational, regulatory, or legal compliance requirements that your systems are subject to.
Reporting
Your VMP should be able to generate detailed reports based on these vulnerability assessments and deliver these reports to all appropriate stakeholders. These reports must include all relevant data on the current state of your network assets, flagging anything that needs to be addressed.
Prioritization and Remediation
After discovering, organizing, assessing, and documenting your systems’ vulnerabilities, you will need to develop a remediation plan. Your VMP should help you prioritize the most important vulnerabilities to remediate, and schedule and apply corrective measures for at least those vulnerabilities rated critical or high on the CVSS scale.
Verification
After the remediation phase, your VMP should perform an additional vulnerability assessment to verify that every vulnerability you set out to remediate has actually been fixed.
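The cycle described above (discovery, organization, prioritization, verification), sketched as an added example that is not code from Meriplex or any scanner product. Asset names, finding ids and scores are constructed sample data, and the severity bands are the CVSS v3.x qualitative ratings.

```python
# Constructed sample data: inventory, an initial scan, and a post-fix rescan.
INVENTORY = {
    "web-01": {"function": "web", "location": "dc-east"},
    "db-01": {"function": "database", "location": "dc-east"},
    "hr-laptop-07": {"function": "workstation", "location": "branch"},
}
SCAN = [  # (asset, finding id placeholder, CVSS v3 base score)
    ("web-01", "FINDING-A", 9.8),
    ("web-01", "FINDING-B", 5.3),
    ("db-01", "FINDING-C", 7.5),
    ("printer-99", "FINDING-D", 8.1),  # responds on the network, not inventoried
]
RESCAN = [
    ("web-01", "FINDING-B", 5.3),
    ("db-01", "FINDING-C", 7.5),       # remediation did not take
    ("printer-99", "FINDING-D", 8.1),
]

def severity(score):
    """Map a CVSS v3.x base score to its qualitative rating."""
    for floor, name in ((9.0, "critical"), (7.0, "high"), (4.0, "medium")):
        if score >= floor:
            return name
    return "low" if score > 0 else "none"

def unknown_assets(inventory, scan):
    """Discovery gap: assets seen by the scanner but missing from inventory."""
    return sorted({asset for asset, _, _ in scan if asset not in inventory})

def remediation_queue(inventory, scan):
    """Critical/high findings, highest score first, tagged with asset function."""
    queue = []
    for asset, finding, score in scan:
        if severity(score) in ("critical", "high"):
            function = inventory.get(asset, {}).get("function", "unclassified")
            queue.append({"asset": asset, "id": finding, "score": score,
                          "severity": severity(score), "function": function})
    return sorted(queue, key=lambda f: f["score"], reverse=True)

def still_open(queue, rescan):
    """Verification: queued findings that the rescan still reports."""
    seen = {(asset, finding) for asset, finding, _ in rescan}
    return [f for f in queue if (f["asset"], f["id"]) in seen]

if __name__ == "__main__":
    queue = remediation_queue(INVENTORY, SCAN)
    print("not in inventory:", unknown_assets(INVENTORY, SCAN))
    for f in queue:
        print(f["severity"], f["score"], f["asset"], f["function"], f["id"])
    print("unverified:", [f["id"] for f in still_open(queue, RESCAN)])
```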
Meriplex helps you align your information security strategy with your business goals, reducing your cyber risk and ensuring these controls are effective for your organization. Meriplex’s vulnerability management program identifies, prioritizes, and remediates vulnerabilities before an attacker exploits them to undermine the confidentiality, integrity, or availability of your enterprise information assets. Leveraging Netrality’s interconnected colocation data centers and direct cloud on-ramps, Meriplex ensures the highest performing and most cost-effective solutions for their customers.
Stay tuned for future installments in our 4-part cyber-security blog series on Network Access Controls, Cloud Security, and NextGen AntiVirus.