Unpatched vulnerabilities are literally everywhere — software, apps, programs, operating systems, even browsers. And, because we live and work in a data-centric world where hyperconnectivity is the norm, an unpatched vulnerability in a single endpoint can carry major consequences by opening the door to massive attacks.
One in three breaches is caused by unpatched vulnerabilities. According to Verizon Enterprise’s 12th annual Data Breach Investigations Report (DBIR), released in May, vulnerability exploitation made the list of the top three most prominent hacking variety and vector combinations. So far in 2019, more than 11,000 vulnerabilities have been reported to the Common Vulnerabilities and Exposures (CVE) database — 34% of which remain unpatched.
The WannaCry ransomware attack, which targeted computers running the Microsoft Windows OS, is just one painful reminder of how an unpatched vulnerability can spread globally with disastrous results in a very short period of time. More recently, it has been noted that cybercriminals are launching Remote Desktop Protocol (RDP) attacks by using BlueKeep, a “wormable” vulnerability that self-replicates malware to spread across the Internet rapidly. A compromised RDP server can then quickly invade networks consisting of millions of Internet-connected RDP servers.
Here are a few best practices that we recommend to keep your systems up to date with the latest patches and keep you protected.
- Automate updates! Relying on people and processes to check for and manually install updates is an open invitation for trouble. Automate your systems to download and install patches and updates as they are released — operating systems, applications, software, browsers, etc.
- Backup your systems. If you get hacked, you can simply restore to a known good, working system from an earlier point in time after fully patching to avoid re-infection. A backup is the cheapest and easiest “insurance” you can buy for your critical systems.
- Avoid free or low-quality software that comes from unknown or non-reputable sources as those can often be easily exploited by hackers.
- Use recent, high-quality antivirus software that includes firewall and anti-spyware software with up-to-date signatures. Then make sure those are set to update automatically.
- Advise teams across your entire organization if and when there is any sort of security warning with a reminder to be extra vigilant when it comes to downloads, attachments or suspicious links.
- Use real-time data feeds that enable you to block traffic to known malicious sites. These feeds are designed to provide continuous updates of IPs and URLs that are compromised, malicious, part of a botnet, or categorized as ‘bad’ traffic in any other way.
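
The feed-based blocking in the last item can be pictured as follows. This is an added example, not code from the original article: the `indicator,category` feed format and the `Blocklist` class are assumptions made for illustration, and the sample indicators are constructed from documentation address ranges and example domains.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample feed (assumed format): "<indicator>,<category>" per line.
SAMPLE_FEED = """\
# indicator,category
203.0.113.0/24,botnet
198.51.100.7,malware
bad.example,phishing
"""

class Blocklist:
    """Hypothetical helper: holds the current feed and answers lookups."""

    def __init__(self):
        self.networks = []  # (ip_network, category) pairs
        self.domains = {}   # domain -> category

    def load(self, feed_text):
        """Replace all indicators with a freshly fetched feed (continuous update)."""
        networks, domains = [], {}
        for line in feed_text.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            indicator, _, category = line.partition(",")
            try:  # single IPs become /32 or /128 networks
                networks.append((ipaddress.ip_network(indicator, strict=False), category))
            except ValueError:  # not an IP or CIDR, so treat it as a domain
                domains[indicator.lower().rstrip(".")] = category
        self.networks, self.domains = networks, domains

    def check(self, destination):
        """Return the feed category for an IP, hostname or URL, or None if clean."""
        host = urlsplit(destination).hostname if "://" in destination else destination
        host = (host or "").lower().rstrip(".")
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            # Match the name itself and each parent domain on label boundaries,
            # so "login.bad.example" hits "bad.example" but "notbad.example" does not.
            labels = host.split(".")
            for i in range(len(labels)):
                category = self.domains.get(".".join(labels[i:]))
                if category:
                    return category
            return None
        for net, category in self.networks:
            if addr.version == net.version and addr in net:
                return category
        return None
```

A proxy or firewall integration would call `load()` each time the feed publishes an update and `check()` for every outbound destination, dropping the connection when a category is returned.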