Hackers targeting vulnerabilities in ongoing attacks

Threat actors increasingly target known vulnerabilities. 

Introduction

Nation-state actors are exploiting known vulnerabilities in several VPN (Virtual Private Network) and other remote access products, a troubling trend for organisations. In addition, many routes into organisations depend on up-to-date, strong firewalls and other defendable points. We routinely find these sadly lacking in the majority of cases, which gives easy access points to hackers of all stripes, backgrounds and capabilities: nation-state actors, crooks and other independent actors.

Advanced active research and proof-of-concept work take us into another realm compared to most experts, and are continually recognised by independent organisations.

Functional risk-based approach to cybersecurity

To withstand the risks attached to never-ending cyberattacks, organisations need to adopt a risk-based approach to cybersecurity that includes:

A comprehensive Vulnerability Management program that includes three elements:

  • continuous awareness of the threat landscape (e.g., from advisories, notifications, cyber news, etc.);

  • vulnerability scanning to understand which systems are inadvertently exposed; and

  • continuing and disciplined upgrade and patch management.

Phishing and Security Awareness Training (PSAT) for all internal and external employees to build a culture of cyber resilience by leveraging a context-relevant training program and driving organisational behavioral change, often using Virtual Machines and controllable Citrix workspaces. This helps take away one of the threat actors’ most common attack vectors.

Managed Detection and Response (MDR) with multi-signal attack surface coverage, powered by a strong Extended Detection and Response (XDR, Microsoft) platform foundation plus human expertise, to identify, contain, and respond 24/7 to threats that bypass existing defenses.

Digital Forensics and Incident Response (DFIR) expertise through the engagement of an incident response provider on retainer who can support with Security Incident Response Planning and Emergency Preparedness, as well as incident response, remediation, digital forensics investigation, root cause analysis and crime scene reconstruction in the event of a severe incident or breach.

In combination, these security initiatives are foundational elements of a cybersecurity program that mitigates costly consequences and relieves operational burdens, helping organisations get the most out of their IT and security budgets.

As investment in cybersecurity is committed, it must be elevated to a board-level issue and discussed alongside other business imperatives including growth, continuity planning and governance, with regular metrics and reporting showing progress toward business outcomes.

After all, cybersecurity isn’t an IT problem to solve—it’s a business risk to manage.
