Patching to Secure All the Entrances
Some organizations will focus huge investments on solutions purporting to keep the cybersecurity equivalent of the front door reinforced enough to prevent a tank from rolling in during a full military invasion, while leaving the backdoor or street-level window hanging open with a brand new television in plain view.
One of the most easily avoidable ways that enterprises leave a wide-open path for cybercriminals onto their systems is through failing to install patches as necessary. When a vendor rolls out a patch, it means they’ve discovered a hole in through the cellar that they’ve mistakenly left open while building a house, and they’re giving the user a solution that blocks it off.
Patches are the new locks on the doors when the old keys have been compromised; they’re the blackout blinds that keep your new TV out of sight from the street. That’s why identifying vulnerable systems quickly and having hard, service-level agreement (SLA)-defined rules on the timeline for deploying patches on 95 to 100% percent of systems internally is a necessity. Patching software should be seen as inseparable from using that software.
Implementing two-factor authentication (2FA) to limit remote logins from unfamiliar IP addresses and workstations and following strong password rules are similarly basic but critical ways to cut off the easiest routes a cybercriminal has into a business network. If a cybercriminal doesn’t have a whole lot of time or money, cutting off the easy route is functionally equivalent to cutting off the only route.
Looking at it from this perspective, it’s clear why so many hacks can be attributed to missing the cybersecurity basics. “Basic” in this sense doesn’t mean easy, it means foundational. It’s critical that both IT and business units appreciate that. In fact, it is critical to improving the rather dismal statistics on cybersecurity events.
More Info: jobs that require a+ certification
One of the most easily avoidable ways that enterprises leave a wide-open path for cybercriminals onto their systems is through failing to install patches as necessary. When a vendor rolls out a patch, it means they’ve discovered a hole in through the cellar that they’ve mistakenly left open while building a house, and they’re giving the user a solution that blocks it off.
Patches are the new locks on the doors when the old keys have been compromised; they’re the blackout blinds that keep your new TV out of sight from the street. That’s why identifying vulnerable systems quickly and having hard, service-level agreement (SLA)-defined rules on the timeline for deploying patches on 95 to 100% percent of systems internally is a necessity. Patching software should be seen as inseparable from using that software.
Implementing two-factor authentication (2FA) to limit remote logins from unfamiliar IP addresses and workstations and following strong password rules are similarly basic but critical ways to cut off the easiest routes a cybercriminal has into a business network. If a cybercriminal doesn’t have a whole lot of time or money, cutting off the easy route is functionally equivalent to cutting off the only route.
Looking at it from this perspective, it’s clear why so many hacks can be attributed to missing the cybersecurity basics. “Basic” in this sense doesn’t mean easy, it means foundational. It’s critical that both IT and business units appreciate that. In fact, it is critical to improving the rather dismal statistics on cybersecurity events.
More Info: jobs that require a+ certification
Comments
Post a Comment