What happens when you let a problem sit?
I’m sure you’re well aware of letting things sit too long. Let’s use that annoying faucet leak for an example. I had a friend who recently discovered her entire basement wall covered in black mold. Talk about hazards, the contractor that originally was hired to replace some ceiling lights quickly walked away from the job and recommended her family not step foot in the basement until the mold was completely removed.
It was just over three years since buying the house that the leaky pipe in question—a slow leak—lead to a health hazard that very few experts were willing to assess. It was three and a half weeks before the family could return to enjoy their basement, which became a hazmat and then construction zone before getting put back to normal use.
Network Security Problems Work The SAME Way
Every single year, the number of network vulnerabilities found and exploited grow at a near exponential rate. Most often, you put fixing patches or network vulnerability problems on a To Do list that simply gets longer and longer.
At first, some might not even have very visible symptoms—like that leaky pipe— but at some point the symptom gets so bad your team won’t be able to get any work done. A server crashes and you have no functioning backups, you get hit by a ransomware attack and ALL of your files are held hostage. The what if’s will likely be much worse than what comes from neglecting a leaky pipe.
What’s the scariest part of leaving vulnerabilities on your network?
Vulnerabilities never go away. Recent studies tracking vulnerabilities year after year show organizations that don’t nip problems in the bud when they first are discovered double their chances of an cyberattack or data breach every month they leave their network neglected—Microsoft and other software companies release patches to fix vulnerabilities. Hackers use these findings to reverse engineer problems and figure out how to penetrate your network.
There were 15,038 new network flaws discovered last year. That means, Microsoft, Adobe, Oracle and other tech companies have been actively finding flaws on their platforms and have been releasing fixes for your IT team to address. That number is nearly double the amount discovered in 2016 (9,837 vulnerabilities).
Why should you be concerned about this?
As the number of what in the industry people refer to as common vulnerabilities and exposures (CVEs) grow, the more opportunities hackers have to exploit those vulnerabilities. The more attempts they will make to get into your networks. If you’re missing ANY of the listed CVEs, you might be putting your entire network at risk. Cybersecurity experts recommend getting a network security assessment to make sure you have your ducks in a row.
What I want you to hear is that 2018’s list of CVEs is expected to near 20,000! That means twenty-thousand different ways for someone to break into your network, lock down and ransom your files OR steal sensitive staff, client, or donor data. And that 20,000 number just represents vulnerabilities found this year. That’s NOT a comprehensive list of vulnerabilities found year after year (that number is MUCH higher and if you’ve not been paying attention to fixing issues, your network is probably holier than Swiss cheese at this point).
870—that’s the number of daily identified vulnerabilities. Newly discovered flaws and unpatched issues that cybersecurity experts find. Of all of these security issues found, 12% fall into a category that experts mark as critical. What they mean by critical is that the issue either could lead to a complete network shut down—if exploited—or a vulnerability that in nearly every circumstance would give a hacker or cybercriminal access to your network from an attempted network breach.
Managing all of these vulnerabilities—CVEs—is really time consuming. And keeping track of which ones are on your network could be a full-time job.
In fact, nearly a quarter of organization IT Departments are aware of many of the critical vulnerabilities on their network—they simply don’t have sufficient resources or hands to address them. With fire-fighting user issues most of the day, security falls farther and farther down the list—to the point of nearly falling off. When 5 o’clock rolls around, they are probably glad to have gotten through 10 issues that day, forgetting entirely of all the implications of leaving your network sit without shoring up its security.
What is the most effective way to address the pile of network vulnerabilities that have likely piled up over time? Follow these four simple steps:
Identify—evaluate what specific vulnerabilities you actually have on your network. Most vulnerabilities are published online. Make sure your team has a comprehensive list to work with.
Prioritize—from that list of vulnerabilities, figure out which ones would critically effect your network. Make sure to put the issues that are the most devastating at the top of your Fix It list. Identify a timeline as to when issues will be resolved.
Delegate—make sure to assign your priorities out to your team. If there are issues that take a subject matter expert to get things done correctly, identify those issues and delegate appropriately. Have someone on your team follow up to make sure tasks/ vulnerability fixes are getting resolved to the schedule your team had committed to when prioritizing the issues.
Get a second opinion—most cybersecurity experts recommend getting a second pair of eyes to evaluate your network. Your team may think they have everything set, but may have missed something critical. Consider a network security assessment to make sure all of your i’s are dotted and t’s crossed.