As much as cybercriminals continue to refine and expand their ways of attacking data and devices, they are also digging into their bags of tried and trusted tricks.
Richard Broeke, an IT security specialist and GM at leading managed IT security provider, Securicom, says that there’s a growing number of companies experiencing exploits on vulnerabilities that are three or more years old.
“The very same vulnerabilities that have been patched by vendors are being exploited again. One survey suggests that 90% of organizations have recorded exploits on old vulnerabilities, with related attacks on some vulnerabilities surfacing as much as a decade later. This is largely because of lack of patch management and badly configured systems. Software updates may seem mundane but they must be done to remove outdated features, update drivers, facilitate bug fixes and importantly, close security loopholes.
“Due diligence, it seems, would therefore be to install software patches promptly, make sure security systems are up to date, monitor networks for suspicious activity, and quarantine devices that show unusual behaviour. But, in a lot of companies this isn’t happening. In fact, lack of network monitoring, bad patch management and poor endpoint hygiene are amongst the main reasons why old vulnerabilities can be exploited over and over again,” he says.
A software vulnerability is essentially a security hole or weakness found in an operating system or software programme. Hackers exploit these by developing code to target them. These exploits, packaged into malware, infect computers and whole environments, thereby putting networks and data at risk.
“Outdated and poorly configured systems, specifically firewalls, are frequently where companies are weak. Curiously, we also see companies that have invested in some really comprehensive endpoint management and antivirus tools but they don’t keep them up to date. Unmanaged, outdated security systems simply cannot deliver adequate protection against new and existing threats.”
He says companies need to ensure that all their software versions are the most current, that updates to the endpoints connecting to their networks are applied regularly and that perimeter controls are effectively implemented for an extra layer of protection whilst these endpoints are inside the office.
“If you can’t be sure when the last updates were applied, then it is time for an update,” he says.
Regular ‘health’ checks should also be done on the IT environment to identify loopholes that can inevitably emerge as the environment grows and evolves. It is only once these vulnerabilities have been identified and remedied that systems and devices can be added, updated or upgraded in a decisive, strategic way so that an ineffective, insecure ‘patchwork’ is not the end result.
Securicom strongly advocates that, given the current threat landscape, patch management and endpoint security be handled by a dedicated team, either internal or external. This team should have visibility of these devices 24×7, regardless of location, to ensure the best possible proactive protection for today’s mobile world.