Old tricks still work
Whilst the security landscape suggests that we all continue to face increasingly complex threats, the truth is that many old and simple ones still work well.
In 2023, over 26,000 vulnerabilities were reported. Indeed, 50% of the 206 high-risk vulnerabilities were used by ransomware gangs to exploit their victims' networks.
The remediation time for these? On average, 58 days.
Looking further, though, cybercriminals can simply leverage the ones we have not addressed yet.
But why?
Now, I carry no ethical hacker certs or anything fancy like that. However, a quick Shodan query showed me several Windows Server 2016 devices that are possibly open to being exploited, all of which I could throw a rock at from my office.
So it's clear that hitting an organization with a cyber security incident isn't too hard. Some of the easy ones that require little work-
Until we get the basics right, sophisticated attacks are the least of our worries.
One of the locations in my quick search included a healthcare organization with around 12 locations. Surely they can easily afford to be doing the right thing, right? Yet we think we are good until someone helps us understand we are not.
Fixing this trend
As the saying goes, you cannot address what you do not know about, so constant vulnerability scanning would be a start.
Understanding where you are vulnerable is key to addressing these gaps. Finally, you need leadership support for the financial commitments it takes to tackle them.
Countless times, IT companies run a vulnerability scan and report it to a business owner, who just shrugs their shoulders. You might want to make a quick exit if you are sitting on the other side of that table.
Next time an organization gets hit with ransomware or suffers a data breach, it most likely was not a very complex attack. You made it simple.
Securely yours,
Scott