Cybersecurity Challenge #1: Cybersecurity Debt
A survey by CyberArk of 1,750 IT security professionals found that digital transformation has come at a price for many organizations. Cybersecurity debt – future costs of addressing accumulated security vulnerabilities that weren’t addressed when new systems were deployed – is building up. One significant source of this debt is the failure to protect assets from unauthorized access as identities proliferate. CyberArk points out that these identities aren’t only human users; machine identities now outnumber human identities by a factor of 45.
CyberArk lists strategies that survey respondents are using to mitigate cybersecurity debt, including:
- Real-time monitoring of all privileged activity
- Implement Zero Trust principles
- Segment systems with critical applications from internet-connected devices
- Monitor SaaS user accounts and access
- Strong password policies
- Just-in-time access, which limits access for a specific period
Read more in CyberArk’s 2022 Identity Security Threat Landscape report.
Cybersecurity Challenge #2: Open Source Security
Tidelift research reveals that security is the most urgent challenge among organizations using open source solutions, and the larger the organization, the more urgent the issue. Tidelift also found that organizations with more than 10,000 employees face issues with complying with government regulations, and these organizations also struggle to manage open source solutions. Furthermore, only 15 percent of organizations are extremely confident in their open source management, and the majority are concerned about keeping it secure.
Also, only 37 percent of organizations are aware of new government regulations requiring software bills of materials (SBOMs) and software supply chain security requirements.
Tidelift shares best practices for open source management, including:
- Centralized management of open source components
- Use SBOMs for application development
Read more in the 2022 Open Source Software Supply Chain Survey Report.
Cybersecurity Challenge #3: Protecting Education Data
Some of the biggest data breaches in the past six months targeted software platforms used by schools. Chicago Public Schools is the latest to publicly announce a huge data breach. A December 1, 2021, ransomware attack on Battelle for Kids, an educational non-profit that analyzes student data, exposed the data of about 500,000 students and 56,138 school system employees.
This follows NYC schools’ announcement in March that 820,000 student records were compromised in a January attack on Illuminate Education, a solution that the New York City Department of Education uses to track grades and attendance.
The Netwrix 2021 Cloud Data Security Report on Education lists five activities or solutions that will help protect sensitive student and school employee data:
- Audit user activity and behavior
- Classify files based on content and protect the most sensitive
- Automate routine, yet critical, tasks
- Stay aware of supply chain vulnerabilities
- Conduct risk assessments regularly
Cybersecurity Challenge #4: Keeping up with CVEs
The list of common vulnerabilities and exposures (CVEs) continues to grow. Recent alerts include:
- CVE-2022-22954 and CVE-2022-22960: Vulnerabilities that affect some versions of VMware Workspace ONE Access, VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation and vRealize Suite Lifecycle Manager. Malicious actors can exploit these vulnerabilities to trigger server-side template injection that could enable remote code execution or escalation of privileges.
- CVE-2022-1388: A vulnerability in some versions of F5 Networks BIG-IP software. The vulnerability enables hackers to gain control of systems through the management port or self-IP address. F5 released a patch on May 4; however, CISA says that unpatched F5 BIG-IP devices are “an attractive target.”
- Updated list of Top Routinely Exploited Vulnerabilities: CISA updates its list of routinely exploited vulnerabilities, including:
  - CVE-2021-44228 “Log4Shell” that affects Apache’s Log4j library
  - CVE-2021-26855, -26858, -26857, and -27065 “ProxyLogon” that affect Microsoft Exchange email servers
  - CVE-2021-34523, -34473, and -31207 “ProxyShell” that also affect Microsoft Exchange email servers
  - CVE-2021-26084, which affects Atlassian Confluence Server and Data Center
- Click the links to the Cybersecurity and Infrastructure Security Agency (CISA) website to find guidance to mitigate this cybersecurity challenge.
- Develop a vulnerability management program and prioritize threats to address CVEs based on severity and risk to your organization.
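One way to apply the last recommendation, as an added example that is not from the original article: rank open findings by scanner severity, asset criticality, internet exposure and whether the CVE is one the article names as routinely exploited. The weights, tier thresholds, asset names, severity values and placeholder CVE IDs are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# CVE IDs this article names as being on CISA's routinely exploited list.
ROUTINELY_EXPLOITED = {
    "CVE-2021-44228",
    "CVE-2021-26855", "CVE-2021-26858", "CVE-2021-26857", "CVE-2021-27065",
    "CVE-2021-34523", "CVE-2021-34473", "CVE-2021-31207",
    "CVE-2021-26084",
}

@dataclass(frozen=True)
class Finding:
    cve: str
    asset: str
    severity: float        # 0-10 score as reported by your scanner
    internet_facing: bool
    criticality: int       # 1 (low) to 3 (business critical), set by the asset owner

def risk_score(f: Finding) -> float:
    """Severity weighted by risk to the organization (weights are assumptions)."""
    if not 0.0 <= f.severity <= 10.0 or f.criticality not in (1, 2, 3):
        raise ValueError(f"bad input for {f.cve} on {f.asset}")
    score = f.severity * f.criticality
    if f.internet_facing:
        score *= 1.5
    if f.cve in ROUTINELY_EXPLOITED:
        score *= 2
    return round(score, 1)

def tier(score: float) -> str:
    """Map a score to a remediation tier (thresholds are assumptions)."""
    if score >= 40:
        return "emergency"
    return "scheduled" if score >= 20 else "routine"

def prioritize(findings):
    """Highest risk first; ties broken by CVE ID, then asset name."""
    return sorted(findings, key=lambda f: (-risk_score(f), f.cve, f.asset))

# Constructed sample findings; severity values are sample scanner input.
SAMPLE = [
    Finding("CVE-PLACEHOLDER-1", "build-server", 9.1, False, 1),
    Finding("CVE-2021-44228", "hr-portal", 10.0, False, 2),
    Finding("CVE-PLACEHOLDER-2", "payments-api", 6.4, True, 3),
    Finding("CVE-2022-1388", "edge-lb", 9.8, True, 3),
]
```

With these sample inputs, the 6.4-severity finding on a critical internet-facing asset outranks the 9.1-severity finding on a low-criticality internal server, which is the effect of weighting by organizational risk instead of severity alone.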
For more security updates and insights, visit DevPro Journal’s Security resources page.