Kaspersky has released its 2021 incident response report on threats. Its latest data on initial compromise shows that unpatched vulnerabilities are the number one attack vector: attackers are exploiting unpatched vulnerabilities on internet-facing hosts and devices in order to gain access to internal networks. Unpatched vulnerabilities are being leveraged more than account attacks and email phishing combined, as the figure below shows.

Kaspersky State of the Cyber Incidents Report 2021

What does this mean for your organization? You need a regular patching program. Most importantly, devices and hosts that face the internet or untrusted networks must be patched regularly, and operating systems must be kept up to date. Criticals and Highs should be patched within 30 days of a vulnerability being released. There may be thousands of vulnerabilities to patch, especially if an organization has not been doing its due diligence, so first you need to prioritize them. Use a vulnerability management tool that includes:

  • Prioritization based on network context
  • CISA’s known exploitable vulnerabilities catalog
  • CVSS score

You don’t have to patch every vulnerability. You need to prioritize them, take that prioritization into account, and reflect it in your Risk Management Program. You can read more about creating a Risk Management Plan at Paramify’s blog post “What is Risk Management”.
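The prioritization the post describes, combining network context, CISA KEV membership and CVSS score, and the 30-day window for Criticals and Highs, as an added example that is not part of the original post or of any vendor's tool. The weights, the vulnerability ids and the sample findings are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
SLA_DAYS = 30  # the post's target: Criticals and Highs patched within 30 days of release

@dataclass
class Finding:
    host: str
    vuln_id: str           # constructed placeholder ids, not real CVE numbers
    cvss: float            # CVSS base score
    internet_facing: bool  # network context: reachable from the internet or untrusted networks
    in_cisa_kev: bool      # listed in CISA's Known Exploited Vulnerabilities catalog
    disclosed: date        # date the vulnerability was released

def severity(cvss: float) -> str:
    """Map a CVSS v3 base score to its qualitative rating band."""
    for floor, name in ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")):
        if cvss >= floor:
            return name
    return "None"

def priority_score(f: Finding) -> float:
    """Urgency score with assumed weights: CVSS as the base, boosted by exposure and exploitation."""
    score = f.cvss
    if f.internet_facing:
        score *= 2.0  # externally reachable hosts are the report's number one entry point
    if f.in_cisa_kev:
        score *= 3.0  # known in-the-wild exploitation outweighs a raw score
    return score

def prioritize(findings: list) -> list:
    """Most urgent first; ties broken by older disclosure date."""
    return sorted(findings, key=lambda f: (-priority_score(f), f.disclosed))

def sla_overdue(f: Finding, today: date) -> bool:
    """True when a Critical/High finding has exceeded the 30-day patch window."""
    if severity(f.cvss) not in ("Critical", "High"):
        return False
    return today > f.disclosed + timedelta(days=SLA_DAYS)

SAMPLE = [  # constructed sample scan output, not real findings
    Finding("vpn-gw-01", "EXAMPLE-1", 9.8, True, True, date(2021, 1, 10)),
    Finding("file-srv-07", "EXAMPLE-2", 9.8, False, False, date(2021, 3, 1)),
    Finding("web-01", "EXAMPLE-3", 7.5, True, False, date(2021, 3, 20)),
    Finding("hr-wks-12", "EXAMPLE-4", 5.3, False, True, date(2021, 2, 1)),
]
TODAY = date(2021, 4, 1)
if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        flag = "OVERDUE" if sla_overdue(f, TODAY) else "ok"
        print(f"{priority_score(f):5.1f} {severity(f.cvss):8} {f.host:12} {f.vuln_id} {flag}")
```

Note that the medium-severity KEV entry on a workstation outranks the internet-facing High here: a vulnerability known to be exploited is a stronger signal than the raw score alone.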

To learn more about what a vCISO is click here: https://trustedciso.com/what-is-a-vciso/

To learn more how TrustedCISO can advise your company on compliance and cybersecurity click here to Contact Us.


References:

https://www.darkreading.com/vulnerabilities-threats/vulnerability-exploits-phishing-top-attack-vector-initial-compromise