Attackers are opportunistic. Adversaries seek out security gaps hiding in plain sight, relying on open windows and broken locks to access corporate and government environments – targeting known vulnerabilities in assets organizations haven’t patched yet. And it’s working.
To kick off Cybersecurity Awareness Month, the Cybersecurity & Infrastructure Security Agency (CISA) issued a new binding directive that requires federal agencies to account for a complete inventory of assets and vulnerabilities.
This directive serves as a reminder that threat actors continue to target publicly known and often-dated vulnerabilities. According to Forrester Research, “organizations doing business with the federal government, looking to maintain good cyber posture, or wanting a head start on the road should also familiarize teams with and strive to meet CISA guidelines.”
Adversaries know, for instance, that many organizations are behind on patching and still rely on traditional approaches to vulnerability management based on CVSS scores. They’ve learned to take advantage of exposures rated as less critical to carry out their attacks (as noted by CISA). Unfortunately, they have a lot to choose from.
According to Skybox Research Lab threat intelligence, there were 20,175 new vulnerabilities in operational technology (OT) environments alone in 2021 – the most vulnerabilities reported in a single year. And initial research indicates that in 2022 we’ll see a similar trend that will impact critical infrastructure.
In these environments, asset visibility (or lack thereof) is a common issue that can hide critical exposures. And taking a machine offline, even for routine security maintenance such as patching, results in downtime that not only impacts operational productivity – it can also mean a service interruption for customers (think energy sector).
So, as you reflect on your organization’s defenses, take a page from the attackers’ playbook: Don’t work harder. Work smarter.
- Prioritize exposed vulnerabilities based on threat intelligence, risk scoring, path analysis, and asset importance.
- Use attack simulation to actively test the environment for exposure, simulating common methods used by attackers.
- Test changes before deployment to verify new exposures are not inadvertently introduced.
- If you use multiple scanners, ensure your vulnerability prioritization algorithm integrates across scanning tools for effective remediation prioritization.
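The ranking described in the list above, sketched as an added example (not Skybox's algorithm or code): findings from two scanners are merged, then scored on threat intelligence, reachability, and asset importance rather than CVSS alone. The scanner names, assets, placeholder CVE IDs, and weights are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    scanner: str
    asset: str
    cve: str
    cvss: float

# Constructed sample data: two hypothetical scanners, placeholder CVE IDs.
FINDINGS = [
    Finding("scanner_a", "hmi-01", "CVE-0000-0001", 9.8),
    Finding("scanner_b", "hmi-01", "CVE-0000-0001", 9.1),  # same issue, second tool
    Finding("scanner_a", "vpn-gw", "CVE-0000-0002", 6.5),
    Finding("scanner_b", "build-07", "CVE-0000-0003", 8.8),
]
EXPLOITED = {"CVE-0000-0002"}                      # threat intel: exploited in the wild
REACHABLE = {"vpn-gw": True, "hmi-01": False, "build-07": False}  # path analysis result
IMPORTANCE = {"vpn-gw": 1.0, "hmi-01": 0.9, "build-07": 0.4}      # asset importance, 0..1

def merge(findings):
    """Collapse duplicate (asset, CVE) pairs across scanners, keeping the highest CVSS."""
    merged = {}
    for f in findings:
        key = (f.asset, f.cve)
        merged[key] = max(merged.get(key, 0.0), f.cvss)
    return merged

def risk(asset, cve, cvss):
    """Illustrative risk score; the multipliers are assumptions, not a standard."""
    score = cvss / 10
    score *= 2.0 if cve in EXPLOITED else 1.0       # active exploitation doubles risk
    score *= 1.5 if REACHABLE.get(asset) else 0.5   # exposed on an attack path or not
    score *= IMPORTANCE.get(asset, 0.5)             # unknown assets get a middle weight
    return round(score, 3)

def by_cvss(findings):
    """Traditional ordering: highest CVSS first."""
    merged = merge(findings)
    return [k for k, _ in sorted(merged.items(), key=lambda kv: kv[1], reverse=True)]

def by_risk(findings):
    """Risk-based ordering across all scanners."""
    scored = [(a, c, risk(a, c, s)) for (a, c), s in merge(findings).items()]
    return sorted(scored, key=lambda row: row[2], reverse=True)

if __name__ == "__main__":
    print("CVSS order:", by_cvss(FINDINGS))
    print("Risk order:", by_risk(FINDINGS))
```

With this sample data the CVSS 6.5 finding on the reachable, actively exploited gateway outranks both higher-scored findings.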
Skybox Vulnerability Management and Prioritization have disrupted the traditional Vulnerability Assessment market. We significantly reduce the noise by identifying which vulnerabilities need to be treated first, and then automatically recommend the best remediation and mitigation options. In fact, nearly half of organizations with no breaches in 2021 took a risk-based approach. We help you close the door before the attacker even knows it’s open.