In a sector of changing priorities, cyber security remains at the top of the list in any boardroom. With the threat landscape presenting challenges old and new, and the increasing risk of entities such as state-sponsored hacking, it is essential that businesses carefully craft their cyber security strategy to keep ahead of the next big attack.
The speed that threats evolve now demands real-time action from companies, who must maintain oversight of their attack surface and maintain as many assets as possible against vulnerabilities such as Log4Shell.
This week, we spoke to Bernard Montel, technical director EMEA at exposure management firm Tenable, to discuss how businesses can tackle their threat surface area, and the biggest risks.
Highlights
“You will be surprised that a year after, we've done a study at Tenable, a lot of companies are still vulnerable to Log4Shell. It's not that they've been lazy. We've seen once one element, which is very important is called reinfection, they've fixed the vulnerabilities partially or completely, but they install new software, and new technology, and now suddenly, those new technologies unfortunately, were using a very old library of of Log4j.”
“I mean, this is the only way they have to force organisations to increase the level of security. If you go back, for example, to GDPR which came out from the EU. I mean, by applying GDPR everywhere, mechanically the level of security has increased. That doesn't mean that we have reduced the number of attacks, the number of attacks as well has increased, but if we all together try to upload the level or the greater level of security, then mechanically, you know, we are better prepared.”
“An organisation itself has more than 500,000 assets. How can you manage that? So, I would not blame them to not fix Log4Shell, that they didn't fix it in January or February. You know, we knew when Log4Shell came out how deep it was embedded into some of the technologies.”
Footnotes
- The new wave of cyber security threats facing critical national infrastructure (CNI)
- Tenable Research Finds 72% of Organizations Remain Vulnerable to “Nightmare” Log4j Vulnerability
- Businesses urged to remain vigilant as Log4Shell issues persist one year on
- Microsoft says “it’s just too difficult” to effectively disrupt ransomware
- 'Systemic ID problems for 10 million Australians’ after Optus breach, warns minister
- Australia to increase maximum data breach penalty to $50 million
- MoD launches callout for tech to plug cyber security holes
- What is an SOC audit?
- What is GDPR? Everything you need to know, from requirements to fines
- Mastering endpoint security implementation
- What is big data analytics?
- What good AI cyber security software looks like in 2022
- How to use machine learning and AI in cyber security
Subscribe
-
Google faces 'first of its kind' class action for search ads overcharging in UKNews Google faces a "first of its kind" £5 billion lawsuit in the UK over accusations it has a monopoly in digital advertising that allows it to overcharge customers.
-
Neural interfaces promise to make all tech accessible – it’s not that simpleColumn Better consideration of ethics and practical implementation are needed if disabled people are to benefit from neural interfaces
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
-
The new era of cyber threatsITPro Podcast With AI-powered attacks and state-backed groups, security teams face face a new wave of sophisticated threats
-
Everything you need to know about the Microsoft Power Pages vulnerabilityNews A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
A critical Ivanti flaw is being exploited in the wild – here’s what you need to knowNews Cyber criminals are actively exploiting a critical RCE flaw affecting Ivanti Connect Secure appliances
-
Researchers claim an AMD security flaw could let hackers access encrypted dataNews Using only a $10 test rig, researchers were able to pull off the badRAM attack
