Are you protected against vulnerabilities with known exploits?


No IT leader wants to tell the C-suite about a serious breach that took advantage of a known infrastructure vulnerability.

Hackers develop new attack techniques so often that it's easy to forget a fundamental truth about cybersecurity: hackers don't need to rely on finding new vulnerabilities. The inability of organizations to promptly address the rapidly growing number of known vulnerabilities means attackers can successfully breach their target's defenses using well-understood exploits.

For example, uncovered in December 2021, Log4J is a flaw in a ubiquitous open-source framework that could allow attackers to take full control of a server, and although it's more than a year old now, hackers are still trying to exploit it. A study from Tenable found that as of October 2022, 72% of organizations remained vulnerable to Log4J [1], and in November, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported that an Iranian-sponsored group compromised a federal network in an attack that leveraged Log4J [2].

It's disturbing that such a dangerous, highly publicized vulnerability would remain unpatched in most environments for nearly a year after its discovery. And the Log4J example is just the tip of the iceberg. CISA began compiling its Known Exploited Vulnerabilities (KEV) catalog in November 2021. As of February 2023, the number of vulnerabilities was approaching 900.

Bad actors are chomping at the bit to exploit these vulnerabilities to steal data, launch ransomware attacks, and wreak havoc. For example, the Conti Group is a Russian group that launches devastating ransomware attacks based on a franchise model. The damage they've caused is so devastating that one country, Costa Rica, declared a national emergency last year [3]. And Conti leverages dozens of known vulnerabilities listed in the CISA KEV catalog to do their malicious work.

With so many vulnerabilities identified in the last two years, no organization can keep up using manual systems, especially given the vast complexity of modern IT infrastructures. Missing a single patch on a single server could create an attack opening.

Prevention practices should include the deployment of an automated platform to identify, report on, and patch vulnerable systems. Reputable third-party services can further enhance your defenses by continuously searching for and patching the latest vulnerabilities.

IT teams also need to understand the state of their infrastructure to enable continuous compliance. Most organizations do not know which of their endpoints, for example, are on the latest patch for their standard operating system, much less other software applications.

HCL's answer to cybercrime

BigFix CyberFOCUS Analytics is a new capability designed to help IT Operations teams discover, prioritize, and patch critical vulnerabilities and reduce cybersecurity risk in real time. Unlike siloed processes based on disparate teams and tools, BigFix delivers a single, integrated solution that eliminates the inefficiencies in passing data from multiple tools to the different teams who are responsible for enterprise security.

BigFix CyberFOCUS Analytics are included with BigFix Lifecycle, BigFix Compliance, and BigFix Remediate. By leveraging endpoint information that only BigFix knows, BigFix CyberFOCUS Analytics provides the ability to simulate vulnerability remediations, to define and manage Protection Level Agreements (PLAs) and analyze CISA Known Exploited Vulnerability exposures.

With proper planning and preparation, IT leaders can sleep a little easier knowing that their environment can repel attacks that exploit known vulnerabilities. And with their defenses in place, they can react quickly should an attack get through.

Be ready before an attack occurs. Learn more at https://www.hcltechsw.com/bigfix/merchandise/cyberfocus

[1] Tenable. Tenable Research Finds 72% of Organizations Remain Vulnerable to “Nightmare” Log4j Vulnerability. 30 November 2022. https://www.tenable.com/press-releases/tenable-research-finds-72-of-organizations-remain-vulnerable-to-nightmare-log4j. Retrieved 25 February 2023.

[2] CISA. Cybersecurity Advisory: Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. 25 November 2022. https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-320a. Retrieved 25 February 2023.

[3] AP. Costa Rica declares national emergency amid ransomware attacks. The Guardian. 12 May 2022. https://www.theguardian.com/world/2022/could/12/costa-rica-national-emergency-ransomware-attacks. Retrieved 25 February 2023.
