Patch management is a growing problem for IT/Sec-Ops teams. Surveyed cybersecurity professionals reported that attack volumes were up 15 percent and attack severity had increased 24 percent. But in 57 percent of breaches, hackers exploited vulnerabilities for which a patch was available but not applied.
It’s important to protect all of your devices, but with servers, the stakes can be stratospheric. Hackers who compromise a server can potentially harvest data for years and gain access to devices, processes and information throughout an organization — a nightmare scenario. A panel of experts discussed the threat to servers in a recent webinar hosted by AppGuard & Carahsoft.
Panelists worthy of any CISO’s attention, discussed and prioritized the methods China is using to compromise enterprises via their supply chain, including the currently rare, covert placement of spy chips into computing hardware. China’s ‘2025’ strategy to steal and degrade western economic power affects any enterprise that generates high-margin value and/or is in the same supply chain with those that do. The world has not seen such intense and pervasive nation-state aggression since the Cold War.
Donald J. Welch, Penn State, CISO
Anthony Cruz, Federal Energy Regulatory Commission, Cyber Thought Leader
Moderator: Neal Conlon, AppGuard Inc, VP Business Development
The CISO panel explored the challenges of 2018 and what remedies and priorities they consider important for 2019. Many enterprise cyber symptoms stem from inattention to basic blocking and tackling as well as under-utilization of existing tools. Flawed risk alignment contributes to these and other even greater issues. The panel also explored how the human factor affects cyber programs. They prescribed remedies to these matters that can be pursued in 2019 as well as shared what they expect to see next year.
The Equifax breaches and subsequent firing of the CEO, CIO, and CISO are a giant canary in the enterprise world. Their failures are far from unique. Most organizations struggle with the same issues too. But after a breach has occurred, challenges get reported as failures in the periodicals. Caricatures of what did or didn’t happen follow. Bigger issues are overlooked.