Cybersecurity practices that can reduce vulnerability

Threats are often beyond our control, but vulnerabilities can be managed to reduce risk

by Sharon Chan, Regional Security Director (Greater China), AT&T

Cybersecurity risk is a function of threat, vulnerability and consequence. And it's different for every business.

For some, the consequences of non-compliance loom large. For many, it's the threat of malware or an undetected advanced persistent threat incident that keeps CIOs up at night.

What is true for all, however, is that while threats are often beyond our control, vulnerabilities can be managed to reduce risk.

Vulnerabilities can be software bugs or design flaws, risky user behavior or other gaps in your cybersecurity defenses. Hackers constantly look for these gaps. We know this because the AT&T network detects nearly 90 billion potential vulnerability probes a day across its global network.

This is important because nearly 80 percent of organizations in AT&T’s 2017 Global State of Cybersecurity survey reported at least one security incident during the year, most often by exploiting known vulnerabilities via employee mobile devices according to the survey.

Internet of Things (IoT) devices are a growing source of vulnerabilities. Enterprises can also be made more vulnerable through growth by acquisition, and by asset digitalization and cloud adoption, since the security of the union becomes the weakest part.

Most known vulnerabilities can be optimally managed through three key cybersecurity activities:

1. Inventory all devices connected to your network

Vulnerability assessments are useless without having an accurate accounting of what devices are connected to your network

2. Be vigilant in patching

Most breaches and/or cyber-attacks result from unpatched systems and software for known vulnerabilities

.Develop a regular process and cadence for identify vulnerabilities and working with vendors – hardware manufacturers and software developers – to test and deploy their patches to remediate those vulnerabilities you’ve identified. By simply keeping your devices up-to-date, you can keep many threats to known vulnerabilities at bay.

3. Train your employees to be a firewall

Cybercriminals capitalize on employees who have not been trained to recognize nefarious emails, links, and websites that once activated, can infiltrate computer systems. Make sure everyone in your organization is aware of the risks and the role they personally play in keeping data and operations safe from cybercrime.

To begin building your own comprehensive cyber defense, you need to first review and prioritize current vulnerability-related risks to inform security investments. In our experience, every business, no matter what size, needs to pay more attention to web and email security, in particular.

At AT&T, we use our proprietary data and ability to provide vulnerability assessments, as well as other tools and intelligence to address and remediate known vulnerabilities and help mitigate risks posed by zero-day attacks.

With an understanding of your vulnerabilities, you can then consider your upcoming business plans to determine what you may need to do now to ensure that these do not continue to compromise security.

Finally, expert support can be of great value in evaluating threats, predicting risk, reducing vulnerability, and preparing to react quickly and effectively when threats materialize.