This is a major challenge to organisations as there is a never ending stream of vulnerable devices that need immediate patching to mitigate the threat of serious negative consequences. It’s a perpetual fire drill for organisations - not only taking time to ensure the devices are patched correctly, but more so, not knowing if and where they have these devices in the first place. There has been huge emphasis on SSL VPN solutions enabling us all to work during the pandemic, and many business units and departments have sourced VPN solutions at speed, and often outside of the normal IT procurement process.

Therefore, fixing the possibility of actively attempted unauthorised access to their networks, from a trivially exploitable hole, will be a priority. In addition to patching the FortiOS devices, it will be important to compare the patterns of behaviours of the devices themselves to highlight any changes in behaviour over time. Similarly, organisations should compare each device against other Fortinet devices to spot deviations from a profile of expected behaviours, that will act as an indicator to the possibility that an attack may of occurred.

With VPNs a commonly abused entry point for attackers - and Fortinet having an existing partnership with the NHS - we can probably expect to see an NHS Cyber Alert in the coming hours and days. There are strong and robust practises in place within the NHS. The common issue we see is not the lack of ability or speed to patch, it is in finding the devices in the first place from what is often a forgotten piece of the puzzle, the asset inventory. It is these forgotten or unknown devices that will be the major source of concern.