We have had several districts come online with CSI's CyberCNS Vulnerability Advisory Service. That has given me a substantial number of vulnerability reports to sift through. One of the nice features of our service is that the vulnerability report not only shows the vulnerabilities, where they are, and how to resolve them, but also attempts to prioritize which vulnerabilities are the most important to address, based on threat intelligence from actual attacks and the difficulty of launching the attack.
Looking at vulnerabilities through that lens, it is obvious that not all vulnerabilities are equal.
Here is what I am seeing:
- Patch your operating systems. So many vulnerabilities are addressed by simply keeping your operating systems current. If you can't get a handle on doing this, or can't keep up, reach out to Lisa about CSI's patch management service.
- Patch your third-party applications. More specifically, if the sun rose today, you can assume you probably have one or more Adobe products with pre-existing security issues and that one or more of your browser vendors has serious security issues. Your VLC or Audacity probably has security issues.
This is not a complete list, but if you do this, you will substantially decrease your attack surface.
If you need help managing all this patching, or are ready to take the next step in your NIST CSF journey and begin to get a handle on vulnerabilities, assessments, and reporting, reach out to Lisa to discuss our Patch and Vulnerability services.
-Scott Quimby, CISSP
P.S. The next CSI Cybersecurity Event is this Wednesday, December 6th. Contact Lisa for details: email@example.com