by Brian Nelson
1:30 min read
As the pace of security breaches continues to accelerate, a common thread in most breaches is the exploitation of a technical vulnerability--in either the operating system or an application running on top of the operating system. Just in the past two years at Anchor Technologies every breach investigation we have been a part of was associated with a known technical vulnerability. The epic Equifax breach was of a technical vulnerability that was public knowledge for months prior to the breach. An annual vulnerability assessment is no longer sufficient to protect your organization.
When it comes to technical vulnerabilities, many organizations are making themselves easy targets by either only scanning their external IP’s or scanning their internal networks just once a year. If you focus solely on your external exposure, you are ignoring over 90% of your risk.
Most breaches occur through the exploitation of internal resources, and if you are only looking at those internal assets once a year, it is quite likely those assets will have unpatched critical vulnerabilities. Malicious actors know, and count on, this.
To help make your organization a more difficult target, we recommend the following actions:
Implementing a robust scan-and-patch program may seem daunting in the short run but the payoff is exponential. What is the reduction of your cyber risk worth?