Blog Post: The Importance of Vulnerability Management

As data breaches increasingly dominate headlines, we continue to see an increase in tools that ensure that organisations are protected with proactive, preventive measures.

Whilst cyber-attacks have always been a problem, cybercrime has been greatly amplified by the COVID crisis, with a 31% increase in cases reported in the UK during the height of the pandemic, as more organisations are falling victims to such attacks.

Cybercriminals are constantly looking for vulnerabilities to exploit, with new threats emerging each day, along with strict security legislations for organisations to comply with, the risk and the costs associated with a data breach can prove to be more devastating than ever.

IT Governance reports that out of the 128 disclosed incidents discovered last month alone, 116 million records were breached with more than 40% of them being ransomware attacks.

In Sophos’ State of Ransomware Report 2021, it is stated that the average cost of remediating a ransomware attack has more than doubled in the last 12 months. Remediation costs, including business downtime, lost orders, operational costs, and more, grew from an average of $761,106 in 2020 to $1.85 million in 2021.

With statistics such as above, it is more critical than ever for organisations to have a broad understanding of their cybersecurity threat landscape and the vulnerabilities or weaknesses within their environments.

What are the vulnerabilities?

As you would expect, with a constantly evolving attack surface, new vulnerabilities are being discovered daily. These could be anything from:

• Unsecured remote connections, a common one currently, with people hastily transitioned to working from home.
• Out of date, legacy equipment.
• Unsupported operating systems or applications.
• Weak passwords, poor password management and wrongful access to privileged accounts.
• Missing patches is an obvious and often challenging one, as the sheer number of patches and varying processes, and regularity of patching can be complex.
• Earlier this year there were four separate zero-day vulnerabilities found within Microsoft Exchange on-premise servers, which gave attackers full access to user emails and passwords, potentially with administrator privileges and access to other devices connected on the network.
• There has also been a rise in attackers using Active Directory and Group Policy to find weaknesses in Windows networks to identify targets.
• Alongside Windows, macOS and others are also equally vulnerable, with threats such as the Gatekeeper bypass being recently patched.
• Additionally, configuration issues, for example when a device, such as a networking switch or firewall has been left with default login details or security details that have not been configured correctly, we leave ourselves unknowingly open to attack.

How to tackle Vulnerability Management

Vulnerability management is a continual process that businesses must undertake to assess the security weaknesses in their networks, systems, and applications, that could expose them to attacks, and then manage them appropriately.

Organisations have different methods for tackling vulnerability management challenges, depending on their size, complexity, and infrastructure. Many of them use a mixture of tools and have a dedicated team to focus on detecting risks and execute patches to keep their systems secure.

As IT teams are regularly over-stretched with project work or business as usual (BAU) operations, we often see organisations having the processes in place, but not having the resource, or time, to focus on all the risks identified; often vulnerability management, monitoring and patching is pushed aside, when in fact, with such disastrous consequences, it should be prioritised.

One of the most effective ways to ensure that your entire network is protected and up to date is to deploy a vulnerability scanning tool.

What is Vulnerability Scanning?

A vulnerability scanning tool will scan for vulnerabilities across all of your internal and external devices and applications, giving you a risk-based view of your environment, it will identify, assess and prioritise any issues found, giving you the warning that you need to focus your efforts on minimising the risks before it is too late.

A vulnerability scan may be performed by the IT department in an organisation or by an external partner company, such as Krome, that specialises in this service. Vulnerabilities can be proficiently managed once they have been identified, accessed and prioritised, having a vulnerability scanning tool is an effective way to help keep your organisation secure.

It is essential to regularly scan for vulnerabilities, as systems connected to the internet are constantly scanned and attacked. Utilising a vulnerability scanner reduces the load from the IT department of having to manually scan for security issues, and if any are discovered during a manual check, the team will then have to determine how to resolve the vulnerability to protect the system.

With a proactive vulnerability scanning tool or service, the efficiency and outcome of this process can be greatly improved. There are many vulnerability management and scanning tools available, our preferred vendor in this space is Tenable.

The Benefits of Scanning for Vulnerabilities

There are several reasons why using a vulnerability scanning tool is the most effective method for vulnerability management:

• Defeat Cyber Criminals – Scanning tools typically perform hundreds/thousands of checks at a much faster pace than manual testing, which means the tool will identify any vulnerabilities before cybercriminals can take advantage of them. Most cyber-attacks involve cybercriminals searching and exploiting any vulnerabilities that are embedded in an organisation’s IT infrastructure; having the ability to scan at a drastically faster pace aids to keep you ahead of potential threats.
• Meet Data Protection Requirements – Although vulnerability scanning isn’t a requirement for the GDPR (General Data Protection Regulation), it is required for organisations to ensure they have implemented the appropriate security measures when dealing with personal data, which involves identifying vulnerabilities. It is also a requirement to patch system vulnerabilities in a given timeframe to achieve Cyber Essentials Plus, a government-endorsed security certification. A scanning tool will be used by a testing body to confirm this, so using one yourself in advance helps to confirm your compliance prior to assessment.
• Highlights Level of Security – Performing regular vulnerability scans will help organisations determine the level of effectiveness of their security processes. If there are many older vulnerabilities discovered, this is an indication that their security measures are not working effectively and changes need to be promptly implemented.

How can Krome help you with your Vulnerability Scanning?

Anyone can scan for vulnerabilities, but it is how you interpret and manage the key results, along with ensuring that you prioritise the remediation required to ensure that your systems are protected.

As a Tenable Managed Services partner, we can assist you in several ways:

• Provide your Tenable platform for you to run and manage in your own environment.
• Provides a point in time vulnerability assessment service powered by Tenable Nessus Pro, that is evaluated by one of our security professionals, with recommendations and remediation services undertaken by Krome should you require them.
• Provide you with a fully managed service throughout the process.

Our scanning services will highlight where your systems are vulnerable and will report on your remediation actions, in order of severity and priority. For those organisations that find themselves short on resources and time, Krome can also manage the remediation required to resolve the vulnerabilities in your environment before they are exploited.

For more information on how Krome can assist you with your cybersecurity.