
Three Critical Cybersecurity Metrics to Fight Back

by ITECHNEWS
December 30, 2021
in Leading Stories, Opinion
A 2021 government survey found that nearly 40% of businesses and over a quarter of charities recently suffered cybersecurity breaches, which is why business leaders worldwide are demanding a data-driven, verifiable response to that critical question. The fight to stay ahead of cyber-attacks has become constant, leading to what Accenture has described as “unsustainable” costs for most businesses. In the modern era, the smarter, proactive response begins with gaining control – evolving how the attack surface is managed – then prioritizing and addressing weaknesses most likely to be exploited.

The first essential step is making sure security teams can quantify three critical metrics:

  1. How many vulnerabilities exist across your hybrid infrastructure?
  2. How many of those vulnerabilities are actively being exploited in the wild?
  3. How many of those exploitable vulnerabilities are protected by existing security controls?

More Vulnerabilities, More Problems

The current problem with managing cyber-attacks is that the volume of vulnerabilities keeps increasing every year: based on the latest research from Skybox Research Lab, 18,341 new vulnerabilities were discovered in 2020, with an additional 9,444 new vulnerabilities emerging in just the first half of 2021. These numbers constitute a massive and growing challenge that daunts organizational efforts to stay ahead of threats.

Unfortunately, due to limited security resources and network visibility, some organizations take months or even years to remediate known vulnerabilities after patches become available. With so many vulnerability alerts to prioritize and a continued skills shortage, it is vital to target action where it is needed most. But that is impossible without the data aggregation required for advanced vulnerability management.

Security teams often rely on traditional risk scoring systems, namely the Common Vulnerability Scoring System (CVSS), to prioritize vulnerabilities. However, CVSS does not give teams adequate context to accurately understand their own risks: Vulnerabilities with high scores are not necessarily the ones that are most likely to be exploited or even reachable in their own infrastructure, a common misconception that can undermine remediation efforts.

Bad actors can operate under the radar whenever organizations don’t know their security weaknesses. For example, hackers used the SolarWinds cyber-attack to transfer malware to multiple targets by exploiting shared supply chain vulnerabilities – issues the targets were unaware of.

 

Research reveals that cyber-criminals commonly gain access to critical assets by exploiting low and medium severity vulnerabilities they know are likely to be unpatched within enterprise environments. In some cases, attackers target older vulnerabilities with the knowledge that over-stretched security teams are struggling to keep up. For example, the US government’s Cybersecurity & Infrastructure Security Agency (CISA) reported that most of the top vulnerabilities targeted in 2020 had been disclosed during the past two years.
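
As an added illustration (not part of the original article or any Skybox product), the following Python sketch computes the three metrics listed at the top and contrasts a CVSS-only ranking with one that puts exploited, reachable and unprotected findings first. The finding records, asset names and `VULN-` identifiers are constructed placeholders, and the three boolean fields are assumed to come from a threat-intelligence feed, a network model and a security-control inventory.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    vuln_id: str             # placeholder ID, not a real CVE
    asset: str               # hypothetical asset name
    cvss: float              # CVSS base score
    exploited_in_wild: bool  # assumed to come from a threat-intel feed
    reachable: bool          # assumed to come from the network model
    mitigated: bool          # assumed: an existing control covers it

# Constructed sample inventory (not real scan output).
FINDINGS = [
    Finding("VULN-0001", "web-01", 9.8, False, False, False),
    Finding("VULN-0002", "web-01", 5.3, True, True, False),
    Finding("VULN-0003", "db-01", 7.5, True, True, True),
    Finding("VULN-0004", "hr-laptop-07", 4.3, True, False, False),
    Finding("VULN-0005", "vpn-gw", 6.5, True, True, False),
    Finding("VULN-0006", "build-02", 8.8, False, True, False),
]

def three_metrics(findings):
    """Return the three counts the article asks security teams to quantify."""
    exploited = [f for f in findings if f.exploited_in_wild]
    protected = [f for f in exploited if f.mitigated]
    return {
        "total_vulnerabilities": len(findings),
        "exploited_in_wild": len(exploited),
        "exploited_and_protected": len(protected),
    }

def rank_by_cvss(findings):
    """Baseline: highest CVSS score first, no environmental context."""
    return [f.vuln_id for f in sorted(findings, key=lambda f: -f.cvss)]

def rank_by_exposure(findings):
    """Exploited, reachable, unmitigated findings first; CVSS breaks ties."""
    def key(f):
        exposed = f.exploited_in_wild and f.reachable and not f.mitigated
        return (not exposed, not f.exploited_in_wild, f.mitigated, -f.cvss)
    return [f.vuln_id for f in sorted(findings, key=key)]

if __name__ == "__main__":
    print(three_metrics(FINDINGS))
    print("CVSS order:    ", rank_by_cvss(FINDINGS))
    print("Exposure order:", rank_by_exposure(FINDINGS))
```

On this sample the CVSS ranking leads with a 9.8 finding that is neither exploited nor reachable, while the exposure ranking leads with two medium-severity findings that are both.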

Security Leaders Can Win the Fight Against Breaches

Exposed vulnerabilities are the root cause of breaches. Yet, ransomware attacks unfortunately can’t be prevented solely by patching vulnerabilities. Practically speaking, reducing the chance of breaches means focusing on exposed vulnerabilities that are actually exploited in the wild. Unfortunately, new data indicates that the number of new vulnerabilities exploited in the wild grew 30% year-on-year during the first half of 2021.

Therefore, security teams must:

  1. Continually aggregate configuration and security control data across disparate and highly complex environments. This includes endpoints, cloud and physical network infrastructure.
  2. Use this data to create a network model that’s factually representative of the hybrid infrastructure. Such a model enables security teams to identify the missing jigsaw pieces until the entire network is modeled. In addition, access to more data, properly sorted, improves the team’s visibility and control over the threats within the enterprise environment.
  3. Use this network model to gain greater insight into, and sharper focus on, vulnerabilities, enabling teams to identify the highest risks. Security teams can also define what a ‘good’ network environment looks like and then continuously measure to ensure that devices are configured as expected.
  4. Last but not least, identify and prioritize remediation or management of device weaknesses, including overly permissive connectivity and device-specific vulnerabilities.

When security teams face a growing attack surface, working smarter, not harder, is particularly crucial to address threats. Government and business leaders should approach preventative cybersecurity by first developing a network model to analyze data and proactively understand the context of the attack surface.

Next, instead of relying on CVSS to prevent breaches, leaders should focus on addressing vulnerabilities hiding in plain sight and carry out effective vulnerability remediation work, thus enabling organizations to move forward and fight threat actors. Finally, organizations will diminish the likelihood of threat actors successfully committing ransomware attacks by focusing on often-overlooked low and medium severity level vulnerabilities.

Source: Alastair Williams, Director of Solutions Engineering for EMEA
Via: Skybox Security
Tags: cybersecurity