DEFENSESTORM BLOG
Monday, December 13th, 2021
Part two of this series will focus on the exploitation of unpatched systems and explore the processes your financial institution should have in place to keep bad actors at bay.
In part one of this series, I talked about defending the enterprise by strengthening the human firewall. In part two, I’ll focus on patching vulnerable systems.
Let’s take a look at some of the headlines from the last couple of years:
What do all these incidents have in common? Unpatched systems—which expose weaknesses that can be exploited by cybercriminals. If you still need convincing that unpatched systems pose a massive threat, consider these stats from a recent Ponemon Institute study that surveyed nearly 3,000 IT professionals worldwide on their patching practices.
So, how can you avoid becoming the next Atlanta, Ukraine, or Equifax? Here’s my advice.
Credit unions should have an ongoing process in place to scan all of their infrastructure, both internal and external systems, to determine where they are most vulnerable. There are several tools and services you can use for this:
Keep in mind that it’s not only the good guys who use these scanning tools. Bad guys use them too, to find vulnerabilities they can exploit!
Once your scans are complete, you’ll need to analyze the data to determine where you are most vulnerable and exposed—and then check Twitter to see if that particular vulnerability is being exploited in the wild. I follow a large number of security researchers on Twitter to keep up with current tactics, techniques, and procedures (TTPs).
If you find vulnerabilities, you have to get the systems patched as soon as possible. In fact, the longer a credit union waits to patch a system, the more vulnerable it becomes. You should shoot for getting everything patched within 90 days. That can be hard, especially if you have a fairly large organization with lots of endpoints and servers.
You may have to cherry-pick and prioritize—and the first order of business is always going to be your public assets. From there, you can work your way inside to the critical systems in your internal infrastructure. In the cloud world, you may not have a lot of internal systems, but if a bad guy gets ahold of an endpoint that has access to a critical system in the cloud, you’re in trouble. So keeping the endpoints patched and up to date is incredibly important.
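The triage described above (public assets first, then anything known to be exploited in the wild, then anything past the 90-day window, with raw severity as the tiebreaker) can be turned into a simple patch queue. This is an added illustration, not DefenseStorm’s tooling; the hosts, identifiers and dates are constructed, and `cvss`, `public` and `exploited` are assumed fields that a scanner export or a threat-intel lookup would supply.

```python
from dataclasses import dataclass
from datetime import date

SLA_DAYS = 90  # the 90-day patching target from the post
TODAY = date(2021, 12, 13)  # constructed "now" for the sample


@dataclass
class Finding:
    host: str
    cve: str          # placeholder identifier, not a real CVE
    cvss: float       # base severity from the scanner
    public: bool      # internet-facing asset?
    exploited: bool   # exploitation seen in the wild (per researcher reports)
    first_seen: date  # first scan that reported it


# Constructed sample scan results; nothing here is a real host or CVE.
SAMPLE = [
    Finding("web-01", "CVE-XXXX-0001", 7.5, True, True, date(2021, 11, 1)),
    Finding("db-02", "CVE-XXXX-0002", 9.8, False, False, date(2021, 8, 1)),
    Finding("vpn-01", "CVE-XXXX-0003", 8.1, True, False, date(2021, 12, 1)),
    Finding("laptop-17", "CVE-XXXX-0004", 6.5, False, True, date(2021, 10, 15)),
]


def days_remaining(f: Finding, today: date = TODAY) -> int:
    """Days left before this finding breaches the SLA (negative = overdue)."""
    return SLA_DAYS - (today - f.first_seen).days


def overdue(findings, today: date = TODAY):
    """Hosts whose findings have already blown past the 90-day window."""
    return [f.host for f in findings if days_remaining(f, today) < 0]


def patch_queue(findings, today: date = TODAY):
    """Order findings the way the post prioritizes them: public exposure
    outranks everything, then known exploitation, then SLA breach, then CVSS.
    Sorting on a tuple of booleans/floats in reverse gives exactly that."""
    return sorted(
        findings,
        key=lambda f: (f.public, f.exploited, days_remaining(f, today) < 0, f.cvss),
        reverse=True,
    )


if __name__ == "__main__":
    for f in patch_queue(SAMPLE):
        print(f"{f.host:10} {f.cve:14} cvss={f.cvss:<4} public={f.public!s:5} "
              f"exploited={f.exploited!s:5} sla_days_left={days_remaining(f)}")
```

Note that the internal database server with the highest CVSS score lands last in the queue, because the internet-facing boxes and the endpoint with a known exploited flaw come first, exactly the ordering the text argues for.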
Everything I’ve said regarding human firewalls and patching systems is based on the Center for Internet Security (CIS) controls that provide prioritized cybersecurity best practices. You can join CIS for free and gain access to a number of high-quality documents that will help to harden your network and systems.
Using these resources as a starting point can save you a lot of headaches and hassles—and you’ll be in better shape if the bad guys strike.