Those with their heads buried in the sand may be unaware that, parallel to the pandemic, the GCC suffered through one of the worst surges in cyberattacks in living memory.
And for those whose heads remain buried, the great economic opportunities of the region may pass them by as they try to recover from cyberattacks that could have been prevented.
One measurable source of denial is in patching. A recent report from Digital14 shows the extent of the challenges faced by UAE organisations in the subfield of vulnerability management. Some enterprises are running assets with unpatched vulnerabilities that were discovered five, and in some cases twenty, years ago.
As remote working is now likely to remain an integral part of corporate life, this implies a growing range of digital assets outside the control of IT. And we are not just talking about unvetted endpoints. Enterprise data now slithers its way through third-party clouds and networks of unknown pedigree. It is time to take a breath and rethink vulnerability management.
Let’s start with the obvious — today’s security teams have their hands full. And they are fully aware of the importance of timely, consistent patching. They realise that breaches are often caused by the lack of security. And patch releases are not the problem either. Security professionals can set their watches by them. No, the problem for under-resourced teams is volume.
According to data from X-Force Red, nearly 18,000 new vulnerabilities were found in 2020. At the time of writing this article, CVE Details reported that more than 16,000 vulnerabilities had been uncovered in 2021. Among these discoveries is a daunting range of severities, commonalities, and complexities. Some may affect little-used assets in niche industries; others may be present in the products of major vendors. So how could the region’s under-resourced, overworked technology teams cope with all of this?
As with most problems in life, it starts with getting to know oneself. A comprehensive — that is to say, complete, accurate, and categorised — list of IT assets allows organisations to see what patches are needed where. Nothing should be side-lined or underestimated. Anything digital or physical that is connected directly or indirectly to the IT estate is eligible for inventory.
But wait. Does the IT or security team control the patching process? If it is not the security team, they need to either take control or attach themselves closely to the responsible party. Notification of vulnerabilities means little without the ability to initiate action and verify execution.
If delegation of patching is the practice, then monitoring is vital. The discovering party must take ownership of scheduling and implementation. If a fix is critical, stakeholders must be able to ensure it is actioned in good time. KPIs and SLAs are a good way to do this, depending on whether the actioning party is internal or a third-party contractor.
Now that patching has, theoretically, been tweaked and aligned, how about turbocharging it with some automation? Even an ideal patch workflow can still be labour-intensive, meaning we still have not solved the problem of overwhelmed technologists.
Modern automation tools are perfectly capable of prioritising patches based on severity, the existence of known exploits, deployment time, and other criteria. Where major vendors are involved, trusted patches can even be automatically applied on non-business critical assets.
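The sketch below is an added example, not taken from the article or from any particular product. It ranks open findings by the criteria named above (severity, known exploits, deployment time), auto-applies only trusted-vendor patches on non-business-critical assets, and flags anything past its SLA. The vendor names, score weights, SLA windows and sample findings are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Assumptions for illustration: allow-list of "major vendors" and SLA windows in days.
TRUSTED_VENDORS = {"VendorA", "VendorB"}
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

@dataclass
class Finding:
    asset: str
    vendor: str
    cvss: float              # severity score, 0.0 to 10.0
    known_exploit: bool      # a public exploit is known to exist
    deploy_minutes: int      # estimated time to roll the patch out
    business_critical: bool  # taken from the asset inventory
    found: date              # date the vulnerability was reported to the team

def band(cvss: float) -> str:
    """Map a CVSS score to the severity band used for SLA lookup."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    return "medium" if cvss >= 4.0 else "low"

def priority(f: Finding):
    """Sort key: highest risk first, quicker deployments win ties."""
    score = f.cvss + (5 if f.known_exploit else 0) + (2 if f.business_critical else 0)
    return (-score, f.deploy_minutes)

def plan(findings, today: date):
    """Return the ordered patch queue with an action and SLA status per item."""
    queue = []
    for f in sorted(findings, key=priority):
        auto = f.vendor in TRUSTED_VENDORS and not f.business_critical
        overdue = (today - f.found).days > SLA_DAYS[band(f.cvss)]
        queue.append({"asset": f.asset,
                      "action": "auto-apply" if auto else "schedule",
                      "overdue": overdue})
    return queue

# Constructed sample findings.
SAMPLE = [
    Finding("erp-db-01", "VendorB", 9.8, False, 120, True, date(2021, 10, 20)),
    Finding("kiosk-02", "VendorA", 7.5, True, 45, False, date(2021, 10, 25)),
    Finding("lab-printer-03", "NicheCo", 5.3, False, 30, False, date(2021, 5, 1)),
    Finding("hr-laptop-17", "VendorA", 7.5, True, 10, False, date(2021, 9, 1)),
]

if __name__ == "__main__":
    for item in plan(SAMPLE, date(2021, 11, 1)):
        print(item)
```

The `overdue` flag is the piece that supports the KPI and SLA monitoring discussed earlier: it lets the discovering party verify execution even when another team applies the patch.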
Automation is exceptionally helpful when one considers the volume of new vulnerabilities that are found each year. Operating systems and applications from major vendors are continually updated. And in an age where digital experience is everything, corporate IT teams are bombarding their customers with enhancements.