The following article is part of our National Cyber Security Awareness Month (NCSAM) Article Series and was written by Seth Arbital, Chief Information Security Officer of Align.
“The key is for the gentleman, the crook finds a way.” While this is true, we still place strong locks on our doors and valuables, and set alarms. Threat actors are continuously finding ways around the cybersecurity controls that we implement. This is why we must establish versatile and dynamic cybersecurity programs that are able to adapt as threats evolve. While we still need to set alarms and monitor for anomalous events, we also need to lock the cybersecurity doors. One way to begin accomplishing this is through a strong Vulnerability Management Program that incorporates diligent patch management.
We hear security professionals talk about Zero-Day threats, in which vulnerabilities or weaknesses in systems, unbeknownst to the vendor, are exploited by hackers. However, while these risks require proper controls, the most publicized attacks this year, affecting hundreds of millions of people, were due to exploiting known vulnerabilities. As these attacks were not Zero-Day, they were completely preventable.
According to the March 14, 2017 article in eWeek magazine entitled, “Software Patches Could Prevent Most Breaches, Study Finds,” “Approximately 80 percent of companies that had either a breach or a failed audit could have prevented the issue with a software patch or a configuration change, according to a security-automation survey of 318 firms.”
There are many reasons why firms fail to adequately patch their systems, some of which include:
The development and implementation of an adequate Vulnerability Management Program, with proper patch management policies and processes, are key to addressing the above challenges. The following are helpful steps towards establishing such a program:
While a crook will find a way, do not make it any easier. Lock your cyber doors and significantly reduce your risk exposure by implementing and maintaining a good Vulnerability Management Program that includes consistent and prioritized patching.
For more information about our services, contact cyber@align.com or visit: www.aligncybersecurity.com and www.align.com.
Seth Arbital, Chief Information Security Officer of Align
Seth Arbital draws from his 30 years of experience in IT and 15 years specializing in Information Security as the CISO of Align. Seth has built and managed consulting and engineering teams for boutique, regional and national technology firms. He assists clients in enhancing security by developing strategic security programs with a focus on people, process and technologies. Seth utilizes his expertise with security technologies, architects solutions and manages business and regulatory compliance including PCI, HIPAA, GLBA, and SOX. He is certified in CISM, CISSP, ISO 27001 and GDPR, as well as a variety of technical certifications from security vendors. Seth received his Bachelor of Science in Computer and Information Sciences at City University of New York – Brooklyn College.