Patch Hard
Donald Allen
#StandWithUkraine | Multiple Times Best-selling Author. Keynote Speaker. Top 50 Global Thought Leader & Influencer on Cybersecurity, Marketing, Startups, EdTech by Thinkers360. Founder & CEO, dacybersecurity.com
US Cyber Command reported on Twitter that the Microsoft Outlook vulnerability (CVE-2017-11774) is being actively used to distribute malicious programs targeting government agencies.
The thing is, this vulnerability is not new.
A couple of years ago it was actively exploited by hackers from the APT33 group, which some researchers associate with the Iranian government.
And, of course, the patch addressing the vulnerability was released back in October 2017.
What is the logical conclusion here?
The US government operates using computers and software that have not been updated for years.
That’s crushing. Especially considering the fact that cyber defense is just as important as physical defense.
This brings me to Die Hard 4.
I know, I know, it's not the finest movie of the franchise, but it illustrates the point perfectly:
A bunch of hackers can bring havoc and terror to the entire country.
So please, do yourself a favor and start taking cyber-hygiene seriously.
Patch. Patch hard!
This is the number one cybersecurity advice world-class security experts shared with me during our interviews for my new book.
Now, I want to wrap this up with a question:
From 1 (lowest) to 10 (highest), where does patching land on your cybersecurity priority list?
Share your thoughts in the comments below.
Securelicious,
Cisco Certified Network Associate (CCNA)
5 years ago: Patching most definitely has to be a high priority (I give it an 8!) where cybercriminals see employees as uneducated vectors to begin their assault. Companies would benefit from a strict patch management system that is tighter on the weakest links within organizations.
Freelance Web Developer
5 years ago: Time is valuable and too many articles lead you on a wild goose chase before actually getting to the point. I enjoyed how concise and specific this was, awesome read and looking forward to more! Keep it up Donald
Digital Security - Governance, Risk and Compliance
5 years ago: Great article, I agree with a lot of comments here, patching is in the top three activities. What I've noticed as a greater concern is the legacy systems in an MS environment on XP and Server 2003. The ticking timebomb due to systemic underfunding in IT&S infrastructure.
Senior Regional Security Manager at Microsoft with expertise in Security and Risk Management
5 years ago: Patching is only a solution to keep the current up and running; on the contrary, today's cyber world takes us to a new level where all business workflows etc. need to be revisited with a totally new approach, sometimes a total rebuild is required and I think your article is referring to a point where some passed the point of "patching" and starting from scratch is becoming a must, not a luxury anymore. Hope this clarifies.
Head of Cybersecurity Apex América - Independent Cyber Security Consultant - Cybersecurity Advisor - vCISO
5 years ago: No doubt the continuous patching process is the basement for building a serious security program. Beyond that I hardly recommend adding a modeling threat and security risk analysis to prioritize the most valuable assets. By the way, very nice article.