Keeping up with the onslaught of cybersecurity threats can feel like a losing proposition. With millions of new malware variations, scores of vulnerabilities emerging at breakneck pace and more than two-thirds of companies experiencing a breach, it can feel almost inevitable that your organisation will be hit with an attack or experience a breach.
In fact, more breaches were made public in the last year than ever before—44 per cent more than the year prior—including some, like the Equifax incident, with devastating consequences. The attack, which persisted for 76 days, compromised some 148 million people, or roughly half the adult U.S. population.
In addition to exposing the records of millions of its customers, the Equifax breach also exposed a critical deficiency in the company’s cyber defense: failure to apply software vulnerability patches in a timely manner. In this case, an Apache software flaw (for which a patch had been issued two months prior to the attack) gave hackers access to the company’s network where they quickly found other failures to exploit, ultimately costing the company at least $439 million.
Could it happen to you?
While Equifax has struggled to recover, cybersecurity professionals around the world have been gritting their teeth, knowing that they’re likely equally vulnerable. In fact, the average delay in applying endpoint software patches is 102 days, giving hackers a luxurious three-and-a-half months to exploit known vulnerabilities. For the majority of companies, the delay is caused simply by an inability to keep pace with the frequency of software patching.
As Equifax and others have learned the hard way, endpoint security has become the new battleground, with nearly two-thirds of companies compromised by endpoint attacks in the last 12 months. With hundreds or even thousands of endpoints across the organisation, each running dozens of pieces of software, it’s easy to see how the task of keeping each one up-to-date quickly becomes overwhelming. But, with the cost of endpoint attacks climbing to a record average of $7.12 million, the stakes have never been higher. Companies must act fast.
Visibility & speed: Vital keys to protection
Staying one step ahead of cybercriminals to protect your organisation may seem impossible, but truth is that most of the work has already been done: in the majority of cases, the patches are there, but applying them in a timely manner is the major hurdle. Each must be tested and rolled out systematically to avoid system instability or compromise.
It’s a time-consuming, gargantuan task for mere mortals, which is why automation is critical. By leveraging the right kind of tools as part of a comprehensive strategy, cybersecurity professionals can finally get their heads above water and keep pace with remediating vulnerabilities to protect the organisation. Here’s how:
- Know what you need to protect. With the majority of attacks leveraging malware to exploit known software vulnerabilities, identifying all of your endpoints and all of the software running on them is the first step to protecting them. While many organisations do have a good handle on hardware through asset tracking, software is an entirely different story. Not only are there potentially thousands of different pieces of software throughout the organisation (or more), each is very likely in a different stage of its lifecycle—some current and up-to-date, others several (or more) update cycles behind. Getting a clear picture of the entire endpoint landscape is vital to any cybersecurity strategy. In short: you can’t protect it if you don’t know that it exists.
- Automate patching. Even in mid-size organisations, there are simply far too many vulnerabilities to deal with manually. In the Equifax case, and in most likely every other similar situation, it wasn’t that the security team was lazy, but that the complexity and sheer volume of vulnerabilities and issues is huge. In an average large organisation, there are be 2,000 discrete pieces of software in use, a number which multiplies by order of magnitude when you consider the potential different versions and device drivers also involved. Automation is the only reasonable way to ensure that all software is current and patched. And clearly, many still are not: the number of machines running Windows 10 barely exceeds those running Windows 7 after three-and-a-half years in the market. In fact, if your organisation hasn’t completed that migration yet, you’re now extremely vulnerable, as three versions of Win 10 are already out of support. And, that’s just the OS, not to mention potentially thousands of applications running on top of it, each with their own patches and security settings requiring attention.
- Implement real-time response. Even with every update and current patch in place, there are still going to be new vulnerabilities that emerge every day. Worse yet, the “window of vulnerability”—the time between a vulnerability is discovered and a hacker successfully exploits it—has shrunk to around seven days. To guard against these seven-day exploits, companies must be able to act incredibly fast with a real-time system that can respond to indicators of compromise before they become a breach. Otherwise, the problem snowballs quickly. According to the most recent data, it takes companies an average of 197 days to discover a breach, with another 69 days to contain it. That’s nearly nine months of compromise, at an average cost of $3.86 million in damages. Companies able to contain the breach within 30 days save more than $1 million, but those that can prevent it in the first place with real-incident response save much more than money, their reputation.
The secret to success: Align IT security & IT operations
While these steps are critical, the reality is they cannot be performed in a vacuum. In far too many organisations, there’s a huge disconnect between IT Security and IT Operations. Not only do they use vastly different tools, but they also don’t look at the organisation and data in the same way, nor do any of their processes align. Instead, they’re isolated, work in silos and often with redundant systems.
When Security says, “We must secure all endpoints and software, including XYZ suite,” Operations may not even know that piece of software exists. This lack of integration generates conflict, as Security views Operations as slow to respond amid a fast-growing threat landscape. Meanwhile, Operations is also concerned with uptime, performance and supporting business priorities. Of course, they both know that patches and updates protect uptime, availability and performance. After all, loss of productivity and system downtime are two of the biggest cost consequences of a successful attack. Instead, the lack of communication and aligned objectives results in misunderstanding, a widening gap and ultimately, greater risk to the organisation.
To overcome the friction, Security and Ops must work together to successfully defend the organisation. By collaborating to develop and maintain a common software asset database and employing automated tools to ensure systems are up-to-date and incident response time is immediate, the entire organisation can run more efficiently and more securely, satisfying both Ops and Security objectives simultaneously. Ultimately, the business will be happier.
Sumir Karayi, Founder and CEO, 1E
Image source: Shutterstock/deepadesigns