Cyber Experts Comment On Bitdefender Report: The ‘New Normal’ State Of Cybersecurity

In response to a new Bitdefender report which found that COVID-19 has left businesses at a far higher risk of cyber-attacks, largely due to their corporate infrastructure being exposed to attack vectors and threats that would not have been considered a year ago, experts from three cybersecurity firms offer perspective. 

Experts Comments

November 05, 2020
James McQuiggan
Security Awareness Advocate
KnowBe4
All organizations must have a robust security program that includes a repeatable change management program to keep up to date on known vulnerabilities. Without up-to-date patching, it's an easy attack vector for cybercriminals, nation-states, and a beginning hacker to scan the internet to find network devices that are not up to date. Having vulnerabilities exposed to the internet is like leaving the front door unlocked to your house when you go away on vacation. While you might be able to stop .....Read More
All organizations must have a robust security program that includes a repeatable change management program to keep up to date on known vulnerabilities. Without up-to-date patching, it's an easy attack vector for cybercriminals, nation-states, and a beginning hacker to scan the internet to find network devices that are not up to date. Having vulnerabilities exposed to the internet is like leaving the front door unlocked to your house when you go away on vacation. While you might be able to stop them from stealing your essential items with an alarm system, the bad guys have been able to break in and could get away with valuables. Keeping the external systems current with the latest software significantly reduces the risk of a successful attack and the potential damage to the brand, revenue, and resources. For all employees working remotely, it's critical to have a policy for all workers to utilize a VPN connection from their homes to the office to reduce any risk from other devices on the employee's home network attempting to access corporate devices. Having a robust security awareness training program that will educate employees to spot phishing emails will reduce the risk of a business email compromise attack. This training can ensure that employees can make smarter security decisions and protect an organization from various cyber-attacks.  Read Less
November 05, 2020
Josh Bohls
Founder
Inkscreen
Indeed, the immediate rise of WFH initiatives caught many IT departments unprepared to address new threat vectors and data security concerns amid the newly amorphous network perimeter. The SMB data transfer protocol has long been a target of bad actors seeking to penetrate file servers. I encourage IT leaders to look at all mobile applications being used by employees to ensure that any apps that access files behind the firewall are engineered to be managed by the company, deploy timely patches.....Read More
Indeed, the immediate rise of WFH initiatives caught many IT departments unprepared to address new threat vectors and data security concerns amid the newly amorphous network perimeter. The SMB data transfer protocol has long been a target of bad actors seeking to penetrate file servers. I encourage IT leaders to look at all mobile applications being used by employees to ensure that any apps that access files behind the firewall are engineered to be managed by the company, deploy timely patches to address newly discovered vulnerabilities, and commit to data privacy and data protection on an architectural basis. Thankfully there are EMM providers such as BlackBerry who assume the burden of testing and evaluating integrated applications from third-party vendors (such as Inkscreen) to ensure best-of-breed solutions for enterprise and government use cases.  Read Less
November 05, 2020
Chris Clements
VP
Cerberus Sentinel
For the past three decades or so, organizations have invested in centralized information security controls such as firewalls, IPS, and patching solutions that assume that the network population is safely inside the company’s perimeter. The mass migration to work from home hasn’t so much introduced new threats so much as it has redefined that default assumption, rendering the centralized controls built around it far less effective. Another area of weakness highlighted by the raft of recent .....Read More
For the past three decades or so, organizations have invested in centralized information security controls such as firewalls, IPS, and patching solutions that assume that the network population is safely inside the company’s perimeter. The mass migration to work from home hasn’t so much introduced new threats so much as it has redefined that default assumption, rendering the centralized controls built around it far less effective. Another area of weakness highlighted by the raft of recent VPN and other remote access product vulnerabilities is monolith patch culture. For many organizations, patching efforts are centered around Windows patches, with other third-party software and notably networking equipment only patched on an ad-hoc basis. This reliably leads to delays, confusion, and incomplete coverage for patching even serious security vulnerabilities in these systems.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT
Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts