Your computers, servers, and IoT-enabled devices are all critical in how you run your business. And keeping them secure is crucial if you wish to maintain strong cybersecurity defenses.
Just one unpatched device is all it takes for a hacker to get into your network, steal data, commit espionage, install malicious software, or just wreak general havoc. For example, an otherwise innocuous email attachment initiated the WannaCry ransomware attack that exploited unpatched medical imaging systems inside a UK hospital’s operational technologies network, causing an eventual economic impact of $4 billion in losses—all from an exploit that had a software patch available months before the attack.
To keep data safe and maintain compliance, every business should have a risk-based vulnerability management strategy in place for discovering and patching internal vulnerabilities in critical assets before they get exploited. While each business requires a unique strategy depending on its size and industry, every approach should include the following elements:
- Prioritize critical assets: While ransomware on an intern’s computer is a hassle, that same ransomware on a server, on your CEO’s computer, or on a device containing financial or consumer data is potentially disastrous. Give assets that are key to business operations or that store sensitive data top priority when it comes time to deploying security patches.
- Customize your scans: Once you prioritize your assets, use that information to customize your scanning policies and schedules. This lets you focus on possible vulnerabilities prevalent in one type of device, such as IoT devices, to find them more efficiently.
- Configure scan schedules: To avoid business interruptions, make sure to set scan schedules for different asset classes based on their maintenance schedules. That may require you to blacklist mission-critical classes of devices from scans to avoid interruption.
- Stay up to date with patches: It’s common for businesses to spend a lot of time scanning assets for vulnerabilities, only to have no time to take action and make fixes. For a company with thousands of endpoints running multiple apps, patch management is more than a full-time job. Once you understand your vulnerabilities, it’s important to have the strategy and resources in place to deploy security patches as quickly as possible.
- Track changes over time: By tracking vulnerabilities, you’ll gain insight into your overall security posture and risk trends. This helps you measure the ROI of your security efforts while making proactive adjustments.
Learn how to gain visibility into your cyber risk posture by downloading our white paper, Reduce Your Attack Surface with Continuous Risk Assessment.