by Trend Micro Research
As 2021 nears, enterprises have to orient themselves to the main focus areas and considerations. In response to the Covid-19 pandemic, organizations have had to rethink their operational and security processes — from business functions and cloud migrations to teleworking support. These, along with constant security risks, have not only challenged organizations in 2020 but also raised concerns regarding their readiness for disruption.
Now that working from home has become commonplace, houses have since been flipped into offices for the foreseeable future. More employees are using devices (some even personal) to access confidential data on home and corporate networks, which poses a considerable risk to any organization. Without secured access and robust security tools that protect the distributed attack surface, threat actors can easily hack into networks and jump from one machine to another until they find a suitable target.
Here are some of the other predictions that we believe security professionals and decision-makers should watch out for in the coming year.
by Gurmail Singh
In the previous part of this three-part series, we explained how organisations are increasingly exposed to financial and reputational risk through unpatched vulnerabilities. The bad news is that these flaws are being found and exploited on an ever-growing scale, thanks to the work of legitimate researchers on the one hand and cybercrime groups and nation state actors on the other. Fail to manage this risk effectively and your organisation may suffer a major data breach and/or ransomware-related outage.
by Bharat Mistry
If nothing else, the past year has shown us that the traditional network perimeter as we knew it is now gone. Today’s organisations run a complex blend of remote working endpoints, cloud applications and servers alongside their traditional on-premises assets. This inevitably creates new security and compliance challenges, because all the operating systems and software that run on these endpoints need continual patching against new malware exploits. Fail in this, and CISOs run the risk of a potentially serious security incident that could lead to widespread disruption and financial and reputational damage.
The problem is that patching is not as easy as it sounds. This is where virtual patching can help.
By Mohamed Inshaff
This past week, the US National Security Agency (NSA) released a rare security advisory urging organisations to patch a list of critical vulnerabilities. The top 25 list detailed the software flaws most frequently being targeted by state-sponsored Chinese operatives. Although most CVEs were published in 2020, a few date back several years.
What does this tell us? That many organisations are still not patching systems promptly enough, even though the result of a major state-sponsored or cybercrime intrusion could be catastrophic. This is where virtual patching can save the day.