
Rapid patching and the sharing of threat intel are key to strengthening business defences

'Patch Tuesday', on the second Tuesday of each month, brings with it dozens of security updates addressing vulnerabilities in a range of Microsoft products

With attackers exploiting zero-day vulnerabilities within weeks of their discovery, it is critical that businesses take a proactive approach towards patch management and intel sharing in order to shore up their defences.

Microsoft's monthly 'Patch Tuesday', on the second Tuesday of each month, typically brings with it dozens of security updates addressing vulnerabilities in a range of Microsoft products – from Windows and Office to Active Directory and Azure.

Quickly installing security patches in a business environment can be challenging, but businesses no longer have the luxury of holding off. Rapidly patching applications and operating systems are two of the key items in the list of "Essential Eight" security practices recommended by the Australian Signals Directorate, which is responsible for cyber warfare and information security.

This July's Patch Tuesday delivered 84 patches from Microsoft, including one to address a previously unannounced zero-day vulnerability in Windows. The vulnerability was already being exploited in the wild, says Jason Koch – Cyber Incident Response Team Lead at Orro.

"That's why installing security patches as quickly as possible is so important," Koch told Orro's recent Cybersecurity Webinar.

"Generally speaking, within 30 days or so of a new vulnerability becoming known, we see exploits emerge if attackers feel that they are useful to them – such as helping ransomware get a foothold in your business."

Many attacks exploit older vulnerabilities which have already been patched by the vendor, taking advantage of the fact that some businesses can be very slow to install patches.

Bad actors study their targets' IT infrastructure for potential weaknesses, so they are ready to quickly weaponise new exploits and attack before a business can install the latest security patches.

To defend against this, Koch says businesses need to follow suit and also take a proactive approach to understanding and addressing their potential vulnerabilities. 

"It's important to review your position and know your exposure, for example, to know which systems are external-facing and to ask whether they really need to be external-facing," he says.

"Also ask yourself, does that external-facing system have multi-factor authentication? Does it have all the controls that it should? Such thinking goes a long way to reducing your external risk and exposure."

A proactive approach to addressing cyber threats should also extend to cyber threat intelligence sharing, particularly in sectors such as financial services. The Financial Services Information Sharing and Analysis Centre (FS-ISAC) leverages its intelligence exchange platform, resiliency resources, regular member briefings and trusted peer-to-peer network to anticipate, mitigate and respond to cyber threats.

FS-ISAC shares critical cyber intelligence among its members and trusted sources, plus it builds awareness through a robust offering of alerts, indicators, member insights, threat assessments and analysis. Its intelligence exchange platform has 16,000 active users, with members across 75 countries and representing $100 trillion in assets.

"FS-ISAC is dedicated to safeguarding the global financial system by reducing cyber risk," says Lachlan Pope, Regional Director ANZ at FS-ISAC.

"The greater the network of participants, the better the network effects in terms of sharing and also building their collective resilience."

Allowing for the sensitive nature of cybersecurity incidents, FS-ISAC makes it easy for members to share information whilst specifying exactly what information will be shared with different types of stakeholders, and whether the information comes with specific caveats and explanations.

At the same time, tools such as Continuous Controls Monitoring (CCM) allow members to aggregate data from all relevant sources into a single, trustworthy platform which gives them a complete, real-time picture of their security posture.

Automated measurement confirms that controls and safeguards are always working, while ongoing comparison of the current state with the bank's standards highlights gaps in control coverage, Pope says.

"Overall, continuous monitoring reduces operational costs and maximises Security Operation Centre productivity," he says.

Along with helping protect the business against cybersecurity threats, FS-ISAC also helps its members' cybersecurity teams speak the language of the boardroom.

"A lot of our conversations with our members right now are about what they report to the board and how they report it," Pope says. "FS-ISAC can assist them with describing cyber risk in quantifiable terms."

"This helps cybersecurity teams communicate effectively, to ensure that investment is proportional to the risk and supports the strategic decisions of the board."

Orro Group
