Lack of proactive measures
Posted: Mon Feb 10, 2025 3:54 am
Williams uses the metaphor of the Maginot Line, the fortification France built along its eastern border in the 1930s to deter a German invasion. Although impenetrable at its strongest points, it was left unfortified near Belgium, allowing Germany to bypass it. Likewise, impenetrable firewalls are of no use unless they surround all of an organization’s assets or unless they are properly monitored and maintained.
“The gaps are in management. Can I find someone who can look at our entire vulnerability landscape, where I have 11 tools, and figure out where the gaps are? What we end up with is an environment where we don’t really know what’s going on,” he says. “You can’t be sure you’ve covered everything. Sure, you’re doing the best you can. But no matter how good you feel today, tomorrow might not be the same.”
The Cybersecurity and Infrastructure Security Agency (CISA) has begun compiling a catalog of particularly dangerous practices to avoid, including using outdated software, default passwords, and single-factor authentication.
Jones specifically points to the use of outdated software. “All currently deployed IT security solutions should be assessed and categorized as retained, upgraded, or retired,” he advises.
In addition, threat hunting, penetration testing, and patching should be performed regularly. Some vulnerabilities, known as zero-day vulnerabilities, may not yet be identified and fixed by the software vendor. N-day vulnerabilities, by contrast, have already been identified and can be easily fixed with a regular patch. Yet, as we know, the companies affected by the WannaCry attack did not fix the N-day vulnerability in one of Microsoft’s products.