Light Dark
September 15, 2022 By Mark Stone 3 min read
Government
Risk Management

The Cybersecurity and Infrastructure Security Agency (CISA) recently published a report highlighting a range of critical security vulnerabilities requiring attention from organizations of all types. The report was published with input from the National Security Agency (NSA) and similar agencies worldwide. It should be considered essential reading.

Many of the vulnerabilities in the report are not new. Instead, the report underscores a new level of awareness regarding how severe they are. Another important point to note is that these are not theoretical; they’re routinely abused by bad actors.

This article will explore what this report means for organizations and why the vulnerabilities mentioned are so relevant. Plus, see how you can effectively prioritize them.

The CISA report: What’s at stake?

In a recent release, CISA Director Jen Easterly highlighted the report’s findings.

“These vulnerabilities pose an unacceptable risk to federal network security,” she said. “We also strongly urge every organization — large and small — to follow the federal government’s lead and take similar steps to safeguard their networks.”

According to CISA, the vulnerabilities themselves take the form of a server-side template injection. It can cause remote code execution, escalate privileges to ‘root’ and allow threat actors to obtain admin access without the need to authenticate.

As a result, businesses need to be aware of these issues. It’s critical to take the right steps to protect against them. Make sure your teams are aware of and prepared for these threats.

Best practices for addressing the challenges

To understand the best way to handle the vulnerabilities in the report, it’s important to acknowledge the most common weaknesses businesses face today.

According to the NSA, these are:

  • Failing to enforce multi-factor authentication
  • Applying privileges or permissions poorly
  • Errors within access control lists
  • Failing to keep software up to date.

So, what can you do to mitigate these weaknesses and build more effective defenses against security vulnerabilities? NSA recommends starting with mitigations that control access, harden credentials and establish centralized log management.

This strategy requires close teamwork between multiple elements of your business.

Rallying your team around weak points

As a general rule of thumb, make sure your teams are aware of weak points and the steps they must take to mitigate them.

Most of the time, it helps to hold regular meetings and training to ensure everyone is up to date. These can minimize or remove confusion. Encourage questions from all stakeholders, and distribute resources to help everyone stay educated and aware.

Building a non-alarmist business case for more support

Building effective defense isn’t just a job for security teams. It’s an all-hands effort that never exists in a vacuum and impacts everyone to some degree. One of the key duties of security leaders is gaining support from decision-makers and stakeholders. Without them, you can’t obtain the resources and backing to do the best job possible.

As a result, you’ll need to build a compelling business case for more support.

Here’s how:

  • Clearly link security projects to business outcomes. Demonstrate how greater investment in security benefits the business from a financial perspective. Highlight how failing to put digital defense can be costly.

  • Don’t use overly technical language. Speak in plain English wherever possible, and be prepared to clarify or explain certain points if needed.

  • Use hard data as much as possible. Again, link back to relevant business metrics. Show how increased security support can impact things like return on investment in concrete terms.

  • Avoid being overly alarmist or negative. Instead of presenting security solely as a way to avoid disaster, frame it positively as a means to increase the value of the business and enable more productive work.

Use the right security tools

The good news is that there are a wealth of tools to help combat the threats in the CISA report.

Companies can use tools to assess vulnerabilities and help choose which ones to patch first. This allows you to take a more structured and evidence-based approach, helping you focus your efforts and resources where they’re most needed for maximum effect.

Here are some of the tools you can use to stay on top of threats, prioritize well and defend against them before they happen:

  • Endpoint Detection and Response — gathers info across a wide range of endpoints to maintain insight into threats

  • SIEM — collects and analyzes events and works with other data sources to help detect threats and manage incidents

  • Network Detection and Response (NDR) — monitors entire networks and uses data analytics and machine learning to detect and deal with threats

  • SOAR — a suite of different tools, all aimed at learning more about threats and responding without the need for human control.

A mix of solutions

Using the right mix of tools and knowing how to use them with maximum efficiency is essential if you want to stay on top of vulnerabilities and keep your organization secure. The right tools allow you to prioritize threats so you can concentrate on the most serious sources of danger without spreading your resources too thin.

As a result, it’s essential to have a good command of all your different tools that empower you to easily identify threats and prioritize and respond quickly and accurately.

 |  |  |  |  |  | 
Mark Stone

More from Government
August 14, 2024

CIRCIA feedback update: Critical infrastructure providers weigh in on NPRM

3 min read - In 2022, the Cyber Incident for Reporting Critical Infrastructure Act (CIRCIA) went into effect. According to Secretary of Homeland Security Alejandro N. Mayorkas, "CIRCIA enhances our ability to spot trends, render assistance to victims of cyber incidents and quickly share information with other potential victims, driving cyber risk reduction across all critical infrastructure sectors."While the law itself is on the books, the reporting requirements for covered entities won't come into force until CISA completes its rulemaking process. As part of…

May 30, 2024

Important details about CIRCIA ransomware reporting

4 min read - In March 2022, the Biden Administration signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This landmark legislation tasks the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments.The CIRCIA incident reports are meant to enable CISA to:Rapidly deploy resources and render assistance to victims suffering attacksAnalyze incoming reporting across sectors to spot trendsQuickly share information with network defenders to warn other…

April 18, 2024

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature