Vulnerability management may not be the sexiest topic. But, while buzzier topics are certainly important, vulnerability management may just be the key to an effective data security strategy. According to a Ponemon Institute report, 42% of nearly 2,000 surveyed IT and security workers indicated that they had suffered a data breach in the last two years that could be blamed squarely on unpatched vulnerabilities. In this article, we’ll pull back the curtain on why vulnerability management matters and what we can do to support it.

More Openings for a Data Breach on a Growing Attack Surface

You are certainly aware of — or in the midst of building out — the hybrid cloud. As businesses continue to adopt public and private clouds and on-site databases, they become more flexible and agile. At the same time, they’re increasing the size of their attack surface when it comes to a data breach.

Let’s say we define the attack surface as X- and Y-axes. The X-axis marks every possible technical asset and the Y-axis marks all ways an attacker could exploit those assets. The attack surface expands endlessly. This is even more true if cloud adoption trends and patching gaps continue at the same pace.

But, that’s not why we’re doing this exercise.

Consider this same chart with vulnerability management and effective data security tools in place. Those can monitor for gaps and misconfigurations that can lead to a data breach. Suddenly, the Y-axis almost disappears. Its growth slows, turning the attack surface from a football field to a single swim lane. This narrow rectangle represents continued digital expansion with fewer surprises or unknown obstacles.

Learn more

Defense Is the Offense Against a Data Breach

Stopping the bad guys should be at the top of your list. Often the primary goal of any defensive team is to ensure threat actors — or careless employees — are spotted and stopped. But with unpatched vulnerabilities and misconfigurations being the number-one causes of data breaches, maybe that mantle should be shared.

It can be tempting to consider the offensive teams and tools that hunt for threats and stop attacks the heroes of the day. However, they often swing into action only once a data breach has already started. While no tool can stop every data breach, the defensive teams and tools should be given a similar investment and level of prestige. Without them, the attackers could enter without any trouble. And that would mean a lopsided scoreboard in favor of the ‘other team.’

Drafting the Right Team

If vulnerability management should be a cornerstone of IT and security programs, why are so few businesses devoting resources to support it?

Well, for one thing, it’s mundane. It is difficult to define the return on investment of a solution meant to stop threats when threats don’t succeed and can’t be quantified in the first place due to the problem being patched. Changing a mission-critical database’s password from ‘123456’ to something more secure isn’t exactly breaking news. But, it could do more to improve database security before an attack happens than any of the algorithms on the market today. That isn’t to say enterprise should stop investing in machine learning, threat hunting and predictive analytics when it comes to fighting a data breach or other attacks. Algorithms should also be used to detect openings and cut down on the time it takes to fix them.

That brings us to the second reason why businesses may shy away from vulnerability management: it can be complex. It requires teamwork between database admins and security teams, systems admins and others. These folks are tasked with tracking changes and trends over time. Their work may become more complex if you move this lengthy maintenance to the top of their to-do lists.

That is where a modern vulnerability assessment solution can help. It can run thousands of assessment tests across different hybrid or multicloud environments to detect gaps and misconfiguration. From there, it can prescribe steps to correct issues and deploy fixes. Siloes are on the way out as future-proof defense comes in.

It’s well past time to let vulnerability management take the field before a data breach happens.

Find out more about how IBM Security helps streamline data security vulnerability assessment with IBM Security Guardium.

More from Intelligence & Analytics

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…

Unmasking hypnotized AI: The hidden risks of large language models

11 min read - The emergence of Large Language Models (LLMs) is redefining how cybersecurity teams and cybercriminals operate. As security teams leverage the capabilities of generative AI to bring more simplicity and speed into their operations, it's important we recognize that cybercriminals are seeking the same benefits. LLMs are a new type of attack surface poised to make certain types of attacks easier, more cost-effective, and even more persistent. In a bid to explore security risks posed by these innovations, we attempted to…