Ransomware attacks continually increase in sophistication, intensity and impact. How do organisations stay afloat? Risk-based vulnerability management coupled with predictive analytics can move organisations closer to being agile.
CIO World Asia met with Michael Waring, Vice President, Asia Pacific and Japan, Security and Unified Endpoint Management (UEM), Ivanti, a leading security and IT automation platform provider. Michael discusses predicting vulnerability weaponisation and remediating at scale from both an offensive and defensive approach, to offer cyber security teams the best chance of success against threat actors.
Ransomware Groups’ Tactics In Leveraging Zero-Day Vulnerabilities
Data is the new oil. Numerous tools scan and monitor environments and generate ever more data reports from them. In a world of too much data, prioritising it and making sense of it in a meaningful manner are pivotal challenges. There is an overwhelming number of platforms and mediums for threat actors to attack from, so much so that the National Vulnerability Database (NVD) misses some of these gaps, giving threat actors the leeway to infiltrate.
Cybersecurity tools purchased by organisations also do not always identify threats as deftly as envisioned. The onus is on software supply vendors to quickly identify, disclose, develop and dispatch software patches. Ultimately, the cat-and-mouse game that is information security is asymmetric. Attackers need only one successful exploit to own an organisation, but that organisation must account for all holes in its defences.
The Shift In Cybersecurity Priorities
The shift to hybrid work models sees an increased uptake of cloud software, even by government entities that previously perceived it as a risky operation, potentially compromising state-sensitive information. Users accessing this data and these cloud networks are widely dispersed across countries and time zones. Some could be accessing them via unsecured Wi-Fi networks such as free public Wi-Fi. All these trends occur amidst a shortage of qualified cybersecurity professionals.
Organisations thus have to identify which of these threats will do the most damage to them. Threats capable of privilege escalation and remote code execution are likely responsible for the bulk of the damage. It is not plausible to fix everything, so teams have to pinpoint and prioritise the most crucial factors.
The issue of latency is also key to an effective defence strategy. Leading questions such as "Is a patch available for this software?", "Is it sent to the security team?" and "Do they know and have the right tools to deploy?" will help teams in assessing their software’s latency levels, possibly delaying malicious activities.