Page 46 - Cyber Defense eMagazine for June 2021
Uncovering hidden cybersecurity risks
By Adam Nichols, Principal of Software Security at GRIMM
The technology we use and depend upon has critical vulnerabilities in its software and firmware, lurking
just beneath the surface of the code. Yet, our process has not changed. A week does not go by where
we are not reading about a serious vulnerability in the news and subsequently scrambling to see if we
are affected.
This scramble, this mad dash, is a process we have all become accustomed to. A series of anxiety-inducing
questions starts to hum around our organizations: “Are we using the affected software? Are our
configurations vulnerable? Has an attack been detected? Should we apply a patch as soon as possible
to prevent exploitation, but in doing so risk the side effects of adding an untested patch?”
While we try to protect our organizations from potential threats, the lifespan of the vulnerabilities in
question is overlooked. If the vulnerabilities found were in recently added features, they may not have
an impact on the organization if you are using stable or long-term-support software. On the other hand,
if the vulnerabilities have been around for a long time, it raises the question of how they went unnoticed
for so long. More importantly, how can we find these things earlier, before there is a crisis?