May 2022 Security Update: 4 Cybersecurity Challenges

See what’s keeping IT security pros up at night and what the experts say can help overcome these challenges.

May 24, 2022

Cybersecurity Challenges #1: Cybersecurity Debt

A survey by CyberArk of 1,750 IT security professionals found that digital transformation has come at a price for many organizations. Cybersecurity debt – future costs of addressing accumulated security vulnerabilities that weren’t addressed when new systems were deployed – is building up. One significant source of this debt is the failure to protect assets from unauthorized access as identities proliferate. CyberArk points out that these identities aren’t only human users; machine identities now outnumber human identities by a factor of 45.

Action Items:

CyberArk lists strategies that survey respondents are using to mitigate cybersecurity debt, including;

Real-time monitoring of all privileged activity
Implement Zero Trust principles
Segment systems with critical applications from internet-connected devices
Monitor SaaS user accounts and access
Strong password policies
Just-in-time access, which limits access for a specific period
Read more in CyberArks’ 2022 Identity Security Threat Landscape report

Cybersecurity Challenge #2: Open Source Security

Tidelift research reveals that security is the most urgent challenge among organizations using open source solutions, and the larger the organization, the more urgent the issue. Tidelift also found that organizations with more than 10,000 employees face issues with complying with government regulations, and these organizations also struggle to manage open source solutions. Furthermore, only 15 percent of organizations are extremely confident in their open source management, and the majority are concerned about keeping it secure.

Also, only 37 percent of organizations are aware of new government regulations requiring software bills of materials (SBOMs) and software supply chain security requirements.

Action Items:

Tidelift shares best practices for open source management, including:

Centralized management of open source components
Use SBOMs for application development
Read more in the 2022 Open Source Software Supply Chain Survey Report

Cybersecurity Challenge #3: Protecting Education Data

Some of the biggest data breaches in the past six months targeted software platforms used by schools. Chicago Public Schools are the latest to publicly announce a huge data breach. A December 1, 2021, ransomware attack on Battelle for Kids, an educational non-profit that analyzes student data, resulted in the exposure of about 500,000 students and 56,138 school system employees.

This follows NYC schools’ announcement in March that 820,000 student records were compromised in a January attack on Illuminate Education, a solution that the New York City Department of Education uses to track grades and attendance.

Action Items:

The Netwrix 2021 Cloud Data Security Report on Education lists five activities or solutions that will help protect sensitive student and school employee data:

Audit user activity and behavior
Classify files based on content and protect the most sensitive
Automate routine, yet critical, tasks
Stay aware of supply chain vulnerabilities
Conduct risk assessments regularly

Cybersecurity Challenge #4: Keeping up with CVEs

The list of common vulnerabilities and exposures (CVEs) continues to grow. Recent alerts include:

CVE-2022-22954 and CVE-2022-22960: Vulnerabilities that affect some versions of VMware Workspace ONE Access, VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation and vRealize Suite Lifecycle Manager. Malicious actors can exploit these vulnerabilities to trigger server-side template injection that could enable remote code execution or escalation of privileges.
CVE-2022-1388: A vulnerability in some versions of F5 Networks BIG-IP software. The vulnerability enables hackers to gain control of systems through the management port or self-IP address. F5 released a patch on May 4; however, CISA says that unpatched F5 BIG-IP devices are “an attractive target.”
Updated list of Top Routinely Exploited Vulnerabilities: CISA updates its list of routinely exploited vulnerabilities, including
- CVE-2021-44228 “Log4Shell” that affects Apache’s Log4j library
- CVE-2021-26855, -26858, 26857, and 27065 “ProxyLogon” that affects Microsoft Exchange email servers
- CVE-2021-34523, -34473, and -31207 “ProxyShell” that also affect Microsoft Exchange email servers
- CVE-2021-26084, which affects Atlassian Confluence Server and Data Center.

Action Items:

Click the links to the Cybersecurity and Infrastructure Security Agency (CISA) website to find guidance to mitigate this cybersecurity challenge.
Develop a vulnerability management program and prioritize threats to address CVEs based on severity and risk to your organization.

For more security updates and insights, visit DevPro Journal’s Security resources page.

May 2022 Security Update: 4 Cybersecurity Challenges

Cybersecurity Challenges #1: Cybersecurity Debt

Cybersecurity Challenge #2: Open Source Security

Cybersecurity Challenge #3: Protecting Education Data

Cybersecurity Challenge #4: Keeping up with CVEs

Latest Software Developer News

Priority and Datacap Announce Strategic Technology Partnership

Datacap Wins PayTech Women Corporate Champion – Small Business Award

Epson OmniLink TM-m50II-H POS Receipt Printer Now Available

Epson OmniLink m-Series Receipt Printers Certified for Slice Register POS Systems Built Exclusively for Local Pizzerias

MicroTouch Collaborates with Exertis Almo to Bring Integrators New Interactive Touch Displays

New GitLab Research Reveals Rising Demand for Security and Efficiency in Software Development, Increasing Use of AI/ML in Security

Most Popular

Must-Have Payment Features for Software Success in 2021

Explainable AI: Why It’s Important to You and Your Clients

How to Solve the Hardware Nightmare for Third-Party Food Delivery Companies

4 Mistakes to Avoid When Building Your POS Reseller Channel