I think you can relate to the devastation when you let problems sit too long. Let me give you an example that recently affected someone in my hometown.
Miss Janice was an elementary school teacher in my local school. I distinctly remember her as my favorite teacher ever. She made second grade fun—even for a kid with dyslexia. Everyone loved Miss Janice. No one had a bad word to say of her.
But Miss Janice had some health issues that time and time again she overlooked. On a second grade teacher’s budget, she simply thought “I can’t afford that” or “I’ll take care of it myself” whenever she got sick.
But about 15 years ago, the doctor that treated Janice at the local clinic told her that she had Type II Diabetes and needed to take medication to lower her blood sugar. She scoffed at the suggestion she needed medicine. She told the doc that she’d take care of it.
A few years went by and, while at first Janice might have watched how much processed sugar she consumed, her habits remained the same. She enjoyed the same little pleasures as always—a sticky bun for breakfast and a small ice cream sandwich after dinner. No one could take these little pleasures away from her.
But about 6 years after getting the diagnosis of having diabetes, Janice went blind. Completely blind to the point where she could no longer drive and certainly had to retire from a job she simply loved doing. But still, Janice decided not to heed the doc’s advice to start treating her diabetes with medicine.
Instead, she stuck to her same routines. But a few years later, the doc ended up having to amputate her leg. Thinking it was too late and too expensive to do anything, Janice tried to remain positive—she did not have even an ounce of ill will in her and kept hoping that her health problems would just clear themselves up.
Janice died four years ago now. And what frustrated me on hearing the news is that her condition was treatable. She simply let her problem get too big and then it was too late.
Why am I telling you this sad story?
I’m sure there are all sorts of things that you plan to get around to. Some things might not be as serious as a major health problem. And some things could be easily remedied even if they got bad. One thing that I want you to be aware of is that network security issues start out relatively small—kind of like getting diagnosed with a treatable disease like diabetes.
The problem with network security is that nothing goes away. Every year, the number of network vulnerabilities found on your network snowballs. If you miss patches here and there, they are still around. Even if they’re on your to-do list, they are still hanging out waiting to be exploited.
At first, some might not even have very visible symptoms—like that leaky pipe—but at some point the symptom gets so bad your team won’t be able to get any work done. A server crashes and you have no functioning backups, or you get hit by a ransomware attack and ALL of your files are held hostage. The what-ifs will likely be much worse than what comes from neglecting a leaky pipe.
What’s the scariest part of leaving vulnerabilities on your network?
Your network vulnerabilities snowball. The truth is if you aren’t fixing those vulnerabilities on your network—especially applying critical security patches when a software company releases its patch bulletin—your security vulnerabilities are likely growing exponentially month after month. Hackers continue to exploit old and new vulnerabilities and reverse engineer ways to penetrate your network.
And the reality is… cybercriminals are lazy. Given the choice, they’d rather reuse a cyberattack that already worked. That means many criminals are trying to exploit old network vulnerabilities while developing new and improved ways to get onto your network through newly found vulnerabilities. They are maximizing their chances to break into your network and steal or ransom data by bombarding it with all sorts of attacks in the hope that one will stick.
It just takes one successful exploit—that means one vulnerability—to hand over the keys to your network.
There were 15,038 new network flaws discovered last year. That means Microsoft, Adobe, Oracle and other tech companies have been actively finding flaws on their platforms and have been releasing fixes for your IT team to address. That number is nearly double the number discovered in 2016 (9,837 vulnerabilities).
The more new vulnerabilities (commonly known as common vulnerabilities and exposures, or CVEs) people in the industry announce, the more opportunities hackers have to exploit them. With every CVE on your network, you’re opening many more doors—many more opportunities—to put your entire network at risk.
What I want you to hear is that 2018’s list of CVEs is expected to near 20,000!
That means twenty-thousand different ways for someone to break into your network, lock down and ransom your files OR steal sensitive staff, client, or donor data.
Cybersecurity experts predict that 20,000 new CVEs will be discovered this year. That is THIS year. NOT the comprehensive list of vulnerabilities found year after year. That number is much higher and if you’ve not been paying close attention to fixing these issues, your network might have hundreds of thousands of access points—that is, hundreds of thousands of ways a hacker can break into it and ransom or steal your data.
One additional number to think about… 870
870—that’s the number of daily identified vulnerabilities. That is, newly discovered flaws—likely on your network as you’re reading this. Experts at Microsoft, Adobe, Google and other big tech companies slave away at their computers trying to detect problems in common software—software that you and your users are likely using this very minute. On average, these experts detect and publish 870 vulnerabilities each and every day of the year.
That means 870 new opportunities for cybercriminals to break into networks. Nearly 12% of all vulnerabilities fall within the category of critical security vulnerability—so of the 870, there are likely a few handfuls of exploits that criminals could actually use without having to do the major legwork of researching and designing exploits. Essentially, criminals are lying in wait for new vulnerabilities to be announced so they can use the exploits affecting your security to their advantage.
Managing all of these vulnerabilities—CVEs—is really time-consuming. And keeping track of which ones are on your network could be a full-time job.
In fact, nearly a quarter of organizations’ IT departments are aware of many of the critical vulnerabilities on their network—they simply don’t have sufficient resources or hands to address them.
Since most IT guys and departments spend their time day in and day out fighting fires, security often falls to the back burner or is not a big priority. When 5 o’clock rolls around, all of those security tasks they were meaning to get to today are probably forced down their page of to-dos. Eventually, as work piles up, they have too much on their plates to even address the biggest vulnerabilities on your network, which exposes your business to cyber threats and ransomware attacks.
What is the most effective way to address the pile of network vulnerabilities that have likely piled up over time? Follow these four simple steps:
Identify your vulnerabilities—evaluate what vulnerabilities lie on your network. Scour patch lists for your common software and make sure every single critical security vulnerability is identified.
Prioritize—from that list of vulnerabilities, figure out which vulnerabilities critically impact your network security. Ones that jeopardize critical data or systems should be prioritized above those that merely impact processes or tasks tangential to your business’s mission-critical operations.
Delegate—since security tasks often take serious time to get right, having a team to delegate tasks to pays off immensely. Delegate tasks to subject matter experts or people who have a good handle on and lots of experience doing particular security tasks, and follow up with them to confirm that their tasks are done on schedule (make sure to create a timeline to hold your team accountable to).
Get a second opinion—most cybersecurity experts recommend getting a second pair of eyes to evaluate your network. While your team may think everything is done, we often find major security vulnerabilities stemming from simple-to-fix items (think of the second opinion like proofreading a news article. Just like writers, IT guys can make silly mistakes).
Are you sure you have your security covered? Contact us today for a free ransomware vulnerability assessment.