Accelerating security threats are prompting companies to ever-more-frequent assessment and monitoring of vulnerabilities in their IT systems. Trends such as mobility, bring your own device (BYOD), and adoption of cloud computing are extending the enterprise and complicating the security risk landscape.
A recent report by Cambridge, Mass.-based Forrester Research warns that the expanding enterprise is overwhelming traditional vulnerability management (VM) efforts. A recent survey by Forrester of 180 U.S. CISOs (chief information security officers) and other security decision-makers found wide adoption of continuous monitoring (CM) among firms. Respondents reported that CM provides “better visibility into their environments, enabling them to make informed decisions regarding the risks to their organizations.”
Identifying Vulnerabilities
John Parkinson, affiliate partner at Chicago-based Waterstone Management Group, an advisory firm focused on serving the technology sector, told ThomasNet News in an interview that VM efforts need to focus on three particular areas of concern. First, he stressed, is the human factor: “The single biggest set of vulnerabilities you have are malicious or careless people.” Parkinson urged companies to “set clear policies on how they expect people to behave and make use of the tools you give them.” He recommended background checks on potential employees during recruiting and periodic security reviews on existing personnel.
The second area of concern should be the company’s technology itself. “The biggest sin that we commit is never throwing anything away,” Parkinson said. “We typically see technologies that span at least a decade in terms of age. Vendors might well have stopped updating at least some part of your infrastructure,” leaving vulnerabilities the company can’t do anything about, even if vulnerability scanning flags them. “Best practice is to always update to the current version of the operating system and in software to never be more than two versions back from the current version.”
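Parkinson's rule of thumb (current operating system, and application software never more than two versions behind) can be applied mechanically to an asset inventory. The Python script below is an added example written for this reprint; it is not from the article, Waterstone Management Group or Tenable. The product names, vendor release lists, hostnames and the stricter limit for operating systems are constructed assumptions used only to illustrate the check, and a real deployment would feed it from a CMDB export and vendor lifecycle data.

```python
"""Flag inventory entries that breach a version-currency policy.

Added illustration (not the article's or any vendor's code). All
products, release lists, hosts and versions below are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed vendor data: releases ordered oldest to newest, plus
# whether the vendor still ships security updates for the product.
VENDOR_RELEASES = {
    "ExampleOS": {"versions": ["10", "11", "12", "13"], "supported": True},
    "ExampleDB": {"versions": ["4.0", "4.1", "5.0", "5.1", "5.2"], "supported": True},
    "LegacyMiddleware": {"versions": ["1.0", "1.1", "2.0"], "supported": False},
}


@dataclass
class Finding:
    host: str
    product: str
    installed: str
    versions_behind: Optional[int]
    reason: str


def versions_behind(product: str, installed: str) -> Optional[int]:
    """How many releases separate `installed` from the newest; None if unknown."""
    releases = VENDOR_RELEASES[product]["versions"]
    if installed not in releases:
        return None
    return len(releases) - 1 - releases.index(installed)


def assess(inventory: List[Tuple[str, str, str]],
           max_behind: int = 2,
           os_products: Tuple[str, ...] = ("ExampleOS",)) -> List[Finding]:
    """Apply the policy: OS must be current, other software <= max_behind.

    Unsupported products and unrecognised versions are reported too,
    because neither can be brought into policy by patching alone.
    """
    findings = []
    for host, product, installed in inventory:
        vendor = VENDOR_RELEASES.get(product)
        if vendor is None:
            findings.append(Finding(host, product, installed, None,
                                    "unknown product: no vendor data"))
            continue
        if not vendor["supported"]:
            findings.append(Finding(host, product, installed, None,
                                    "vendor no longer updates this product"))
            continue
        behind = versions_behind(product, installed)
        if behind is None:
            findings.append(Finding(host, product, installed, None,
                                    "unrecognised version string"))
            continue
        limit = 0 if product in os_products else max_behind
        if behind > limit:
            newest = vendor["versions"][-1]
            findings.append(Finding(host, product, installed, behind,
                                    f"{behind} versions behind {newest}, limit {limit}"))
    return findings


# Constructed sample inventory: (hostname, product, installed version).
INVENTORY = [
    ("web01", "ExampleOS", "13"),
    ("web02", "ExampleOS", "12"),
    ("db01", "ExampleDB", "5.0"),
    ("db02", "ExampleDB", "4.0"),
    ("app01", "LegacyMiddleware", "2.0"),
    ("app02", "ExampleDB", "9.9"),
]

if __name__ == "__main__":
    for f in assess(INVENTORY):
        print(f"{f.host:6} {f.product:18} {f.installed:5} -> {f.reason}")
```

Note that `db01` at 5.0 passes (exactly two behind 5.2) while `web02` fails for being one behind, since the operating system limit is zero; the unsupported `LegacyMiddleware` host is reported separately because, as the article notes, no amount of scanning or patching fixes a product the vendor has stopped updating.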
Parkinson’s third point is to recognize that “the enterprise doesn’t exist in isolation, that you are likely part of an extended network that reaches out of your perimeter to suppliers, customers, and business partners.” This means in your own VM program, “you need to worry about how good their vulnerability management is,” he said.
A paper on vulnerability management by Tenable Network Security, a Columbia, Md.-based cybersecurity solutions developer, identifies several key weaknesses that enterprises need to watch out for:
● Software — Bugs can lead to “security weaknesses which if exploited can impact the confidentiality, the integrity, or the availability of that software or the data within that system.” This points to the need for a robust program for updates and patches.
● Implementation and configuration — System maintenance or troubleshooting might inadvertently leave security holes, or systems might not be configured securely in the first place.
● Changes in computer systems — Systems change constantly through upgrades and functionality additions, which can result in unanticipated vulnerabilities.
● Human elements — Proper training can help users be aware of dangers around issues such as weak passwords, changing computer configuration, turning off security measures to improve workstation performance, or installing unauthorized software.
This article was originally published on ThomasNet News Industry Market Trends and is reprinted in its entirety with permission from Thomas Industrial Network. For more stories like this please visit Industry Market Trends.