Mariano Nunez, CEO of Onapsis and Threatpost Infosec Insiders columnist, explains why the capacity to prioritize needs to be a vital component of vulnerability management.
Repeated warnings from CISA and the Biden Administration on the Russian cyber threat over the last several months have heightened the state of alertness for U.S. agencies and businesses across industries, which are expecting ‘tit-for-tat’ cyberattacks from Russia in response to the Ukrainian aid package.
These cautions come as the Biden Administration’s FY2023 budget proposal demonstrates that cybersecurity is a top priority for the federal government. This additional funding for cybersecurity is significant in this new era of interconnected risk, especially between business applications and critical infrastructure.
Guidance from the White House and CISA on this heightened risk for U.S. businesses, together with the proposed increase in the federal cybersecurity budget, signals that more resources are needed to properly defend against these risks. However, this does not necessarily translate to more IT budget or security staff within most organizations in the private sector.
That means companies must take strategic steps immediately to ensure their business-critical applications remain secure, and they must do so with their current resources. Prioritizing the modernization of aging technology stacks will be essential to mitigate rising cybersecurity vulnerabilities and ensure the security of the organization’s critical systems and applications from malicious cyber campaigns. Doing this effectively will require hard prioritization decisions.
Effectively Prioritizing Vulnerabilities in 3 Steps
A vital component of vulnerability management is the capacity to prioritize. Merely uncovering vulnerabilities and creating a list isn’t sufficient. Security teams require full context and awareness of the severity and possible business impact to make informed decisions on how to take action.
To understand which assets need the most urgent attention, enterprises must create a triage list or ensure that an existing one is entirely up to date. This list is created by taking inventory of all assets across cloud, on-premises, and hybrid environments. Once each potential issue has been identified, organizations should ensure they have included a detailed explanation of the business impact and an associated risk score. Then, with scores assigned and prioritization clearly defined, security teams can make step-by-step plans for remediation, keeping each resolution simple and making meaningful improvements to security posture with each step.
Safeguarding the Top Blindspot: ERPs
Almost any method companies would use to triage which assets need the most urgent attention would elevate one system to the top: Enterprise Resource Planning (ERP) systems. These business-critical applications carry out essential company procedures throughout the enterprise, from accounting to sales and purchasing. The reliability of ERP systems and their data is crucial to an organization’s capacity to carry out everyday functions. If that data were to be breached by cybercriminals, the results could be devastating.
Surprisingly, many of today’s threat detection tools don’t cover these business-critical applications, leaving a huge gap in CISOs’ security programs. Now that organizations have a clear picture of their biggest threats, they must ensure the cybersecurity solutions they adopt don’t have this blind spot and can provide threat detection and response for these essential applications. Security teams should be able to identify internal and external threats in real time and understand their potential impact, so they can respond quickly and effectively without having to spend considerable effort on manual review.
Achieving More Effective Risk Management
Every organization has limited time and resources, so it needs to understand how to spend its next dollar or its security team’s next hour. It must know which patches need to be applied most urgently, what configuration changes are needed, and how to conduct testing for safe operation. By using automated tools that spare security teams from examining all their security configuration variables manually, organizations can free up resources for more strategic tasks and achieve continuous threat detection and response for business-critical applications.