By Richard Melick, senior technical product manager, Automox
Many of us have made the shift to virtual with our work, school, and social lives, as we all aim to protect ourselves and the community during this uncertain time. As such, it’s important to understand that with new virtual workflows comes an expanded attack surface for hackers to potentially exploit.
In particular, many organizations are struggling with securing and hardening new and existing endpoints against critical vulnerabilities, an issue that has been exacerbated as remote work policies are enacted. Automox’s recent Cyber Hygiene Index surveyed 560 IT and security professionals and uncovered that less than 50 percent of organizations can patch vulnerable systems swiftly enough to protect against critical threats and zero-day attacks.
Endpoint hardening is a critical component of any security strategy, and if not properly managed, can pose a major threat to an organization’s infrastructure. Attackers only need to find one way in to victimize a system or device – and an endpoint that isn’t equipped with the latest patches and security configurations is likely to be ripe with exploitable vulnerabilities. It is essentially leaving a door unlocked with a welcome sign out front for attackers.
Is it possible to lessen devastating data breaches within enterprises? Yes, but effective cyber hygiene measures must be put into place, especially during transitional and uncertain times like today.
The Ongoing Patching and Configuration Crisis
When you couple new potential entry points for hackers to exploit along with the fact that organizations report taking up to 102 days for patches to be applied and tested, it is apparent that the enterprise attack surface is growing at an unprecedented rate.
To fully understand the scope of the issue, look no further than three years ago with the WannaCry ransomware attack. The ransomware was able to spread rapidly by exploiting a known vulnerability that was left unpatched in a large majority of organizations for months – leading to one of the most notorious hacking events of our lifetime.
Research for the Automox Cyber Hygiene Index also confirmed that four out of five organizations have suffered at least one data breach in the last two years. When asked about the root causes, respondents placed phishing attacks (36%) at the top of the list, which is to be expected. Social engineering attacks continue to be a favorite initial vector that attackers use.
The surprising part of the results is that the majority of breaches could have been prevented with basic cyber hygiene practices in place. The other top causes were missing operating systems patches (30%), missing application patches (28%), and operating system misconfigurations (27%) – all of which are fundamentals of proper endpoint hardening.
The Industry is Failing to Keep Up
Adversaries are weaponizing new critical vulnerabilities within 7 days on average. And zero-day vulnerabilities are already weaponized at the moment of disclosure, yet companies are known to take weeks and in some cases months to deploy patches.
For this reason, a 24 / 72 threshold for endpoint hardening is imperative. If organizations can commit to eliminating zero-day exploits within 24 hours and other critical vulnerabilities within 72 hours, they’ll prevent weaponization and ultimately better protect their critical assets.
According to the recent survey, the industry is still catching up to meet this ambitious patching standard. Only 42 percent of companies can patch remote endpoints within three days and 15 percent within one, highlighting the struggles companies face with patching and hardening endpoints in remote environments.
Embracing Newer Technologies to Help
One of the more positive outcomes from the research is that companies are increasingly embracing automation as a potential antidote for the security challenges that they are currently facing.
The findings showed that 96 percent of organizations have deployed some automation for endpoint patching and hardening, yet only 23 percent are fully automated.
While newer technologies, such as automation, are not a silver bullet, they sure can help ease the efforts in protecting infrastructure – and executing complex tasks in a timely manner. This effectively eases the burden on IT and SecOps teams, all while maintaining better security for the organization as a whole, a true win-win scenario.
The Answer to Better Cyber Hygiene?
Good cyber hygiene doesn’t have to be complicated. A great place to start to make the transition to a more modern approach is to audit your organization and take a look at how it leverages its people, processes, and technologies to better secure its endpoints and other assets.
Are our people being put in a position to succeed? What processes could be eliminated or improved? Are we getting enough out of our technologies to make our security team’s workflow easier?
By answering these important questions and acting on that information, organizations will have a better understanding of how they can adapt their strategies to address today’s and tomorrow’s challenges.
In times of uncertainty, it’s important that businesses look for long-term fixes, as opposed to putting a band-aid on issues that are likely to pop up again. The future of work is remote, and it’s critically important that decision-makers across every industry set their IT and security teams up for future success while meeting the standards they need to meet today.
About the Author
Richard Melick, senior technical product manager, Automox. Richard has spent over a decade advancing through the security industry with his considerable experience and considerable focus on the stories surrounding ransomware, hacking, and cyber attacks. He has been a security speaker on five continents and has even advised royalty on how to make and distribute ransomware.
Richard can be reached online at ([email protected], @AutomoxApp, etc..) and at our company website https://www.automox.com/
