September 15, 2022 By Mark Stone 3 min read

The Cybersecurity and Infrastructure Security Agency (CISA) recently published a report highlighting a range of critical security vulnerabilities requiring attention from organizations of all types. The report was published with input from the National Security Agency (NSA) and similar agencies worldwide. It should be considered essential reading.

Many of the vulnerabilities in the report are not new. Instead, the report underscores a new level of awareness regarding how severe they are. Another important point to note is that these are not theoretical; they’re routinely abused by bad actors.

This article will explore what this report means for organizations and why the vulnerabilities mentioned are so relevant. Plus, see how you can effectively prioritize them.

The CISA report: What’s at stake?

In a recent release, CISA Director Jen Easterly highlighted the report’s findings.

“These vulnerabilities pose an unacceptable risk to federal network security,” she said. “We also strongly urge every organization — large and small — to follow the federal government’s lead and take similar steps to safeguard their networks.”

According to CISA, the vulnerabilities themselves take the form of a server-side template injection. It can cause remote code execution, escalate privileges to ‘root’ and allow threat actors to obtain admin access without the need to authenticate.

As a result, businesses need to be aware of these issues. It’s critical to take the right steps to protect against them. Make sure your teams are aware of and prepared for these threats.

Best practices for addressing the challenges

To understand the best way to handle the vulnerabilities in the report, it’s important to acknowledge the most common weaknesses businesses face today.

According to the NSA, these are:

  • Failing to enforce multi-factor authentication
  • Applying privileges or permissions poorly
  • Errors within access control lists
  • Failing to keep software up to date.

So, what can you do to mitigate these weaknesses and build more effective defenses against security vulnerabilities? NSA recommends starting with mitigations that control access, harden credentials and establish centralized log management.

This strategy requires close teamwork between multiple elements of your business.

Rallying your team around weak points

As a general rule of thumb, make sure your teams are aware of weak points and the steps they must take to mitigate them.

Most of the time, it helps to hold regular meetings and training to ensure everyone is up to date. These can minimize or remove confusion. Encourage questions from all stakeholders, and distribute resources to help everyone stay educated and aware.

Building a non-alarmist business case for more support

Building effective defense isn’t just a job for security teams. It’s an all-hands effort that never exists in a vacuum and impacts everyone to some degree. One of the key duties of security leaders is gaining support from decision-makers and stakeholders. Without them, you can’t obtain the resources and backing to do the best job possible.

As a result, you’ll need to build a compelling business case for more support.

Here’s how:

  • Clearly link security projects to business outcomes. Demonstrate how greater investment in security benefits the business from a financial perspective. Highlight how failing to put digital defense can be costly.

  • Don’t use overly technical language. Speak in plain English wherever possible, and be prepared to clarify or explain certain points if needed.

  • Use hard data as much as possible. Again, link back to relevant business metrics. Show how increased security support can impact things like return on investment in concrete terms.

  • Avoid being overly alarmist or negative. Instead of presenting security solely as a way to avoid disaster, frame it positively as a means to increase the value of the business and enable more productive work.

Use the right security tools

The good news is that there are a wealth of tools to help combat the threats in the CISA report.

Companies can use tools to assess vulnerabilities and help choose which ones to patch first. This allows you to take a more structured and evidence-based approach, helping you focus your efforts and resources where they’re most needed for maximum effect.

Here are some of the tools you can use to stay on top of threats, prioritize well and defend against them before they happen:

  • Endpoint Detection and Response — gathers info across a wide range of endpoints to maintain insight into threats

  • SIEM — collects and analyzes events and works with other data sources to help detect threats and manage incidents

  • Network Detection and Response (NDR) — monitors entire networks and uses data analytics and machine learning to detect and deal with threats

  • SOAR — a suite of different tools, all aimed at learning more about threats and responding without the need for human control.

A mix of solutions

Using the right mix of tools and knowing how to use them with maximum efficiency is essential if you want to stay on top of vulnerabilities and keep your organization secure. The right tools allow you to prioritize threats so you can concentrate on the most serious sources of danger without spreading your resources too thin.

As a result, it’s essential to have a good command of all your different tools that empower you to easily identify threats and prioritize and respond quickly and accurately.

More from Government

Updated SBOM guidance: A new era for software transparency?

3 min read - The cost of cyberattacks on software supply chains is a growing problem, with the average data breach costing $4.45 million in 2023. Since President Biden’s 2021 executive order, software bills of materials (SBOMs) have become a cornerstone in protecting supply chains.In December 2023, the National Security Agency (NSA) published new guidance to help organizations incorporate SBOMs and combat the threat of supply chain attacks.Let’s look at how things have developed since Biden’s 2021 order and what these updates mean for…

Roundup: Federal action that shaped cybersecurity in 2023

3 min read - As 2023 draws to a close, it’s time to look back on our top five federal cyber stories of the year: a compilation of pivotal moments and key developments that have significantly shaped the landscape of cybersecurity at the federal level.These stories highlight the challenges federal agencies faced in securing digital infrastructure in the past year and explore the evolving nature of cyber threats, as well as the innovative responses required to address them.New White House cybersecurity strategyThe White House’s…

ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware

12 min read - As of December 2023, IBM X-Force has uncovered multiple lure documents that predominately feature the ongoing Israel-Hamas war to facilitate the delivery of the ITG05 exclusive Headlace backdoor. The newly discovered campaign is directed against targets based in at least 13 nations worldwide and leverages authentic documents created by academic, finance and diplomatic centers. ITG05’s infrastructure ensures only targets from a single specific country can receive the malware, indicating the highly targeted nature of the campaign. X-Force tracks ITG05 as…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today