From: Veris Group
***
Every security leader has a duty to run a comprehensive vulnerability management program. It is a comparatively small amount of work that yields a large return on investment for the organization. Doing it well requires two things: knowing which security weaknesses actually exist in your environment, and a formal patch management program executed on a regular schedule. Patch every system you can find. Scour your network for shadow IT systems and IP-enabled devices that fall outside your routine scan/patch program; a device the program does not know about is a device that never gets patched. Study after study shows that organizations that do not patch regularly stay exposed long after fixes are available: “We found that 99.9% of the exploited vulnerabilities had been compromised more than a year after the associated CVE was published.” (2015 Verizon Data Breach Investigations Report).
We hear about legacy systems or critical infrastructure that cannot be patched. Again, the fundamentals are key: segment those systems from the rest of the network, add further layers of protection in front of them, and continuously and actively monitor that those protections are in place and working. An unpatchable system should be a documented exception with named compensating controls, not a quiet omission from the program. Handling these systems this way is essential to the security of the organization as a whole.
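The three checks above (find hosts the patch program does not know about, age every open finding against the one-year window the DBIR figure refers to, and make sure every unpatchable system carries a recorded compensating control) can be automated. The script below is an added example, not Veris Group's code; it parses constructed nmap greppable (-oG) ping-sweep output and reconciles it against a constructed inventory and scanner findings. The `Asset`, `Finding` and `compensating_controls` names are assumptions made for the example, and the addresses, hostnames and CVE dates are sample data.

```python
"""Added example (not Veris Group's code): reconcile a network sweep against
the patch-management inventory, age open findings, and check that systems
marked unpatchable have a compensating control on record.
All addresses, hostnames, CVE entries and dates below are sample data."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from datetime import date

# Constructed nmap greppable (-oG) ping-sweep output; not a real scan.
NMAP_GREPPABLE = """\
# Nmap 7.94 scan initiated as: nmap -sn -oG - 10.0.5.0/24
Host: 10.0.5.10 (fileserver.corp.example)\tStatus: Up
Host: 10.0.5.11 (hr-app.corp.example)\tStatus: Up
Host: 10.0.5.12 ()\tStatus: Down
Host: 10.0.5.40 ()\tStatus: Up
Host: 10.0.5.41 (printer-3f.corp.example)\tStatus: Up
Host: 10.0.5.200 (plc-line3.corp.example)\tStatus: Up
# Nmap done -- 256 IP addresses (5 hosts up) scanned
"""

# Report date used for aging the findings (fixed so the output is reproducible).
AS_OF = date(2015, 6, 1)

_HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Status:\s+(\w+)")


def parse_nmap_greppable(text: str) -> dict[str, str]:
    """Return {ip: hostname} for every host the sweep reported as Up."""
    up: dict[str, str] = {}
    for line in text.splitlines():
        m = _HOST_RE.match(line)
        if m and m.group(3) == "Up":
            up[m.group(1)] = m.group(2)
    return up


@dataclass
class Asset:
    """Hypothetical inventory record from the patch-management system."""
    ip: str
    owner: str
    patchable: bool = True
    # Hypothetical field: controls recorded for a system granted a patch exception.
    compensating_controls: list[str] = field(default_factory=list)


@dataclass
class Finding:
    """Hypothetical open finding from the vulnerability scanner."""
    ip: str
    cve: str
    published: date  # CVE publication date; sample values here


# Constructed inventory and scanner findings.
INVENTORY = [
    Asset("10.0.5.10", "infra"),
    Asset("10.0.5.11", "hr-apps"),
    Asset("10.0.5.200", "plant-ops", patchable=False),  # PLC, vendor forbids patching
    Asset("10.0.5.201", "plant-ops", patchable=False,
          compensating_controls=["ot-vlan acl", "ids span-port"]),
]
FINDINGS = [
    Finding("10.0.5.10", "CVE-2014-0160", date(2014, 4, 7)),
    Finding("10.0.5.11", "CVE-2015-1635", date(2015, 4, 14)),
    Finding("10.0.5.11", "CVE-2013-2251", date(2013, 7, 16)),
]


def find_unmanaged(discovered: dict[str, str], inventory: list[Asset]) -> list[str]:
    """Hosts that answered the sweep but are absent from the patch inventory."""
    managed = {a.ip for a in inventory}
    return sorted(ip for ip in discovered if ip not in managed)


def overdue_findings(findings: list[Finding], today: date,
                     max_age_days: int = 365) -> list[tuple[str, str, int]]:
    """Open findings whose CVE was published more than max_age_days ago, oldest first."""
    out = []
    for f in findings:
        age = (today - f.published).days
        if age > max_age_days:
            out.append((f.ip, f.cve, age))
    return sorted(out, key=lambda t: -t[2])


def exceptions_without_controls(inventory: list[Asset]) -> list[str]:
    """Unpatchable systems with no compensating control recorded."""
    return sorted(a.ip for a in inventory
                  if not a.patchable and not a.compensating_controls)


if __name__ == "__main__":
    up = parse_nmap_greppable(NMAP_GREPPABLE)
    print("unmanaged hosts:", find_unmanaged(up, INVENTORY))
    for ip, cve, age in overdue_findings(FINDINGS, AS_OF):
        print(f"overdue: {ip} {cve} published {age} days ago")
    print("exceptions lacking controls:", exceptions_without_controls(INVENTORY))
```

Run against the sample data, the sweep turns up two hosts (10.0.5.40 and 10.0.5.41) that the patch program has never seen, two findings older than a year, and one PLC whose patch exception has no compensating control behind it. In practice the sweep input would come from a scheduled discovery scan and the inventory from your patch-management or CMDB export; the reconciliation logic stays the same.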