• Latest
  • Trending
Three Critical Cybersecurity Metrics to Fight Back

Three Critical Cybersecurity Metrics to Fight Back

December 30, 2021
Apple is reportedly testing iPhones with USB-C

Apple is reportedly testing iPhones with USB-C

May 16, 2022
Nintendo Working on Next-Gen Switch Powered by an NVIDIA SoC

Nintendo Working on Next-Gen Switch Powered by an NVIDIA SoC

May 16, 2022
AMD Instinct MI300 Exascale APU Features Zen4 CPU and CDNA3 GPU

AMD Instinct MI300 Exascale APU Features Zen4 CPU and CDNA3 GPU

May 16, 2022
GrAI Matter Labs Unveils sparsity-native AI SoC

GrAI Matter Labs Unveils sparsity-native AI SoC

May 16, 2022
Tecnotree Launches a Transformation Suite for MTN Ghana

Tecnotree Launches a Transformation Suite for MTN Ghana

May 16, 2022
Ghana with Moringa School and Brighter Investment to promote digital skills for jobs

Ghana with Moringa School and Brighter Investment to promote digital skills for jobs

May 16, 2022
SA Obscure Technologies announces strategic alliance with DNSSense

SA Obscure Technologies announces strategic alliance with DNSSense

May 16, 2022
SLVA Cybersecurity to provide crucial new API security solutions

SLVA Cybersecurity to provide crucial new API security solutions

May 16, 2022
Samsung PRO Endurance Up to 256GB microSD Memory Card

Samsung PRO Endurance Up to 256GB microSD Memory Card

May 16, 2022
Apacer AS2280Q4U M.2 PCIe Gen4 x4 NVMe 1.4 for PS5

Apacer AS2280Q4U M.2 PCIe Gen4 x4 NVMe 1.4 for PS5

May 16, 2022
ProGrade Digital SDXC UHS-II V90 512GB U3 Memory Card

ProGrade Digital SDXC UHS-II V90 512GB U3 Memory Card

May 16, 2022
Team Group T-Force Vulcan Z SATA 2.5-Inch With 3D TLC Flash

Team Group T-Force Vulcan Z SATA 2.5-Inch With 3D TLC Flash

May 16, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Monday, 16 May, 2022
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Three Critical Cybersecurity Metrics to Fight Back

by ITECHNEWS
December 30, 2021
in Leading Stories, Opinion
0 0
0
Three Critical Cybersecurity Metrics to Fight Back

YOU MAY ALSO LIKE

Apple is reportedly testing iPhones with USB-C

Nintendo Working on Next-Gen Switch Powered by an NVIDIA SoC

A 2021 government survey found that nearly 40% of businesses and over a quarter of charities recently suffered cybersecurity breaches, which is why business leaders worldwide are demanding a data-driven, verifiable response to that critical question. The fight to stay ahead of cyber-attacks has become constant, leading to what Accenture has described as “unsustainable” costs for most businesses. In the modern era, the smarter, proactive response begins with gaining control – evolving how the attack surface is managed – then prioritizing and addressing weaknesses most likely to be exploited.

The first essential step is making sure security teams can quantify three critical metrics:

  1. How many vulnerabilities exist across your hybrid infrastructure?
  2. How many of those vulnerabilities are actively being exploited in the wild?
  3. How many of those exploitable vulnerabilities are protected by existing security controls?

More Vulnerabilities, More Problems

The current problem with managing cyber-attacks is that the volume of vulnerabilities keeps increasing every year: Based on the latest research from Skybox Research Lab, 18,341 new vulnerabilities were discovered in 2020, with an additional 9444 new vulnerabilities emerging in just the first half of 2021. These numbers constitute a massive and growing challenge that daunts organizational efforts to stay ahead of threats.

Unfortunately, due to limited security resources and network visibility, some organizations take months or even years to remediate known vulnerabilities after patches become available. With so many vulnerability alerts to prioritize and a continued skills shortage, it is vital to target action where it is needed most. But that is impossible without the data aggregation required for advanced vulnerability management.

Security teams often rely on traditional risk scoring systems, namely the Common Vulnerability Scoring System (CVSS), to prioritize vulnerabilities. However, CVSS does not give teams adequate context to accurately understand their own risks: Vulnerabilities with high scores are not necessarily the ones that are most likely to be exploited or even reachable in their own infrastructure, a common misconception that can undermine remediation efforts.

Bad actors can operate under the radar whenever organizations don’t know their security weaknesses. For example, hackers used the SolarWinds cyber-attack to transfer malware to multiple targets by exploiting shared supply chain vulnerabilities – issues the targets were unaware of.

 

“Bad actors can operate under the radar whenever organizations don’t know their security weaknesses”

Research reveals that cyber-criminals commonly gain access to critical assets by exploiting low and medium severity vulnerabilities they know are likely to be unpatched within enterprise environments. In some cases, attackers target older vulnerabilities with the knowledge that over-stretched security teams are struggling to keep up. For example, the US government’s Cybersecurity & Infrastructure Security Agency (CISA) reported that most of the top vulnerabilities targeted in 2020 had been disclosed during the past two years.

Security Leaders Can Win the Fight Against Breaches

Exposed vulnerabilities are the root cause of breaches. Yet, ransomware attacks unfortunately can’t be prevented solely by patching vulnerabilities. Practically speaking, reducing the chance of breaches means focusing on exposed vulnerabilities that are actually exploited in the wild. Unfortunately, new data indicates that the number of new vulnerabilities exploited in the wild grew 30% year-on-year during the first half of 2021.

Therefore, security teams must:

  1. Continually aggregate configuration and security control data across disparate and highly complex environments. This includes endpoints, cloud and physical network infrastructure.
  2. Use this data to create a network model that’s factually representative of the hybrid infrastructure. Such a model enables security teams to identify the missing jigsaw pieces until the entire network is modeled. In addition, access to more data, properly sorted, improves the team’s visibility and control over the threats within the enterprise environment.
  3. The data can deliver greater insight and focus on vulnerabilities using this network model, enabling teams to identify the highest risks. Security teams can also define what a ‘good’ network environment looks like and then continuously measure to ensure that devices are configured as expected.
  4. Last but not least, identify and prioritize remediation or management of device weaknesses, including overly permissive connectivity and device-specific vulnerabilities.

When security teams face a growing attack surface, working smarter, not harder, is particularly crucial to address threats. Government and business leaders should approach preventative cybersecurity by first developing a network model to analyze data and proactively understand the context of the attack surface.

Next, instead of relying on CVSS to prevent breaches, leaders should focus on addressing vulnerabilities hiding in plain sight, and carry out effective vulnerability remediation work, thus enabling organizations to move forward and fight threat actors. Finally, organisations will diminish the likelihood of threat actors successfully committing ransomware attacks by focusing on often-overlooked low and medium severity level vulnerabilities.

Source: Alastair Williams Director of Solutions Engineering for EMEA
Via: Skybox Security
Tags: cybersecurity
ShareTweetShare

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Apple is reportedly testing iPhones with USB-C

Apple is reportedly testing iPhones with USB-C

May 16, 2022
Nintendo Working on Next-Gen Switch Powered by an NVIDIA SoC

Nintendo Working on Next-Gen Switch Powered by an NVIDIA SoC

May 16, 2022
AMD Instinct MI300 Exascale APU Features Zen4 CPU and CDNA3 GPU

AMD Instinct MI300 Exascale APU Features Zen4 CPU and CDNA3 GPU

May 16, 2022

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Apple is reportedly testing iPhones with USB-C

Apple is reportedly testing iPhones with USB-C

May 16, 2022
Nintendo Working on Next-Gen Switch Powered by an NVIDIA SoC

Nintendo Working on Next-Gen Switch Powered by an NVIDIA SoC

May 16, 2022

Recent News

  • Apple is reportedly testing iPhones with USB-C May 16, 2022
  • Nintendo Working on Next-Gen Switch Powered by an NVIDIA SoC May 16, 2022
  • AMD Instinct MI300 Exascale APU Features Zen4 CPU and CDNA3 GPU May 16, 2022
  • GrAI Matter Labs Unveils sparsity-native AI SoC May 16, 2022
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021 iTechNewsOnline.Com - Powered by BackUpDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021 iTechNewsOnline.Com - Powered by BackUpDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version