Detect, Act, and Protect: How Better Vulnerability Management Closes Cyber Security Gaps

01 October 2020

By Lewis Martin

Last year, an American hacker known by the alias Erratic recognised a misconfiguration in a company’s AWS server that left it vulnerable. The hacker was able to access large numbers of the company’s credit card applications with personally identifying information. Erratic did not profit from the breach, nor did she attempt to hide what she was doing, according to reports. The company she infiltrated was none other than the financial giant Capital One. Ultimately, the data breach involved over 106 million user records. Since then, a class-action lawsuit has been filed against Capital One.  

Perhaps the most troubling part of this story is that it all could have been prevented. The unauthorised access was due to a configuration vulnerability at Capital One, which may have left the company vulnerable for about five months prior to the attack.

Today, organisations continue to face similar threats of data breaches and cyberattacks. In fact, nearly half report they’ve had a data breach in the past 12 months, according to ServiceNow. As the severity and volume of attacks accelerate, modern organisations are still coming to terms with how to keep up with the ever-evolving threat landscape.  

While the specifics of every data breach are different, the root cause is more often than not a failure to detect key vulnerabilities, as in the case of Capital One. In fact, ServiceNow reports that 60% of victims say they were breached due to a vulnerability for which a patch was available. Nearly 40% of victims knew the vulnerability existed before the breach occurred.

It doesn’t have to be this way. The best way to protect against these potentially devastating data breaches is to be proactive. The modern organisation, in financial services or any industry, must leverage the right tools and processes to detect and resolve these issues in a timely manner. In this post, we make the case for acting quickly, not only through patching but also by investing in an automated, robust system for vulnerability management.

It’s Happening More Often: Organisations Must Act Quickly 

As mentioned above, cyberattacks against businesses are on the rise. The overall volume of attacks has risen 17% over the last year, and the severity of these attacks is up by nearly one-third, as is the number of data breaches that involve internal actors (read: your staff) revealing sensitive information. The most frequent breaches include ransomware, funds transfer loss, and business email compromise (BEC) scams.

On top of this, as working from home is the new “normal” for millions of employees, organisations face fresh security and compliance risks from collaboration platforms, shadow IT scenarios, limited or stressed tech and support staff, and a bevy of COVID-19-themed malware and scams.   

How to Protect Your Organisation  

In addition to timely, proactive patching and tracking, there are other measures your organisation can take to further protect your operations. The first is all about automation: invest in an automated system for vulnerability management to ensure that patching occurs in a smart and timely manner. An automated system will also help you identify and prioritise the most critical vulnerabilities and best utilise your limited team or resources. ServiceNow reports that a whopping 80% of organisations who employ automation techniques respond to vulnerabilities in a significantly shorter time frame. 

As a ServiceNow partner and domain expert in security operations, KA2 can help you respond faster and more effectively to incidents and vulnerabilities with strengthened cyber security policies and procedures and an implementation of the ServiceNow Security Operations application, a centralised security incident, orchestration, automation, and response engine built on the Now Platform. KA2 Smarter SecOps Service Management offers a best practice approach to delivering Security Management.

We use our proven KA2 Smarter Framework methodology, combining the KA2 Compliance Workflow Engine with our Cyber Security and Service Management domain expertise, to ensure defined outcomes are met at pace and within budgetary spend. Overall, the framework is strategically designed to accelerate project delivery, while ensuring that all internal and external control, audit, and information security points are met and exceeded.   

Investing in cyber security processes and supporting tooling to automate vulnerability management and cyber incident management will bring other benefits, such as reduced downtime, efficient prioritisation, and increased efficacy of your strapped IT staff, especially during this challenging work-from-home time. We can also help you make the case for your cyber security improvements to your CEO or leadership team.

Please get in touch with us today to learn more and take the first step toward a more secure tomorrow.