Once a security policy has been agreed, areas of vulnerability have been outlined and the values of different types of data and responsibilities are agreed, the next step is to ensure the existing technology infrastructure is secure.
As systems become more complex due to additions to new software and hardware, vulnerabilities can appear quicker.
Secure configuration is a question of maintaining control as the IT environment evolves. Ensuring you know what applications end users are downloading and that a comprehensive update strategy is in place to patch software is crucial.
When users download and install software, it can conflict with existing applications and create vulnerabilities as unpatched software presents an open door for hackers.
Industrial scale subterfuge
It’s worth remembering that hackers and cyber criminals put enormous effort into identifying and exploiting software vulnerabilities. In fact, there is a vast underground network operating largely on the dark web dedicated solely to developing malware that exploits vulnerabilities and selling it to other hackers.
One of the difficulties for IT administrators is managing all of the applications within an IT environment. Given the size of some IT operations, it can feel like, and often is, an impossible task without expert guidance and the right tools.
While the NSCS guidelines quite rightly point out that, “Without an awareness of vulnerabilities that have been identified and the availability (or not) of patches and fixes, the business will be increasingly disrupted by security incidents.”
Holistic and centralised approach
A salient point and a nightmare for any CIO is a major system breach, which happens as the result of unpatched software or the exploitation of insecure system configurations.
Adopting a holistic approach will help secure configuration and also urge endpoint standardisation. This will help simplify and manage what can sometimes feel chaotic. Centralising the management approach also ensures industry best practise is maintained.
Closing the door
There are a number of unrivalled benefits to this approach. Firstly, it ensures endpoints and applications are not only patched but also properly configured. When implemented correctly it also carries out assessments on software flaws and configuration vulnerabilities, whilst at the same time delivering rapid remediation, continuous validation and policy compliance reporting.
Secondly, everything that is happening across the network, from software downloads to new endpoints that are added can be seen. As a result, potential vulnerabilities are flagged and standards-based remediation is applied ensuring optimum security.
An example of how patching can prevent security vulnerabilities, was when Wannacry hit the world. Microsoft released a critical patch to fix the SMB vulnerability that was exploited by Wannacry, a month before Wannacry went live.
Let MTI help understand your configuration, and how to secure it with our Cyber Security Maturity Assessment.
Our CSMA provides an in-depth review of your organisation’s ability to protect its information assets and its ability to respond to cyber threats. The assessment looks beyond pure technical competency. It takes a balanced view of how prepared your organisation is for cyber threats across people process and the technologies deployed to counter vulnerabilities.