"patch me if you can"

Recently, Clare O'Neil issued a public call to action for businesses to address three critical software vulnerabilities. These vulnerabilities, identified by the Australian Signals Directorate’s Australian Cyber Security Centre, have been looming for as long as four months, leaving businesses susceptible to potential cyberattacks. I wanted to talk about them, and the importance of patching, in this week's newsletter.

I hope you got the "patch me if you can"... I thought it was funny, but I also understand it may have gone down like a lead balloon. Essentially, don't ignore vulnerabilities hoping they'll go away; patch your systems before they become a bigger pain than they need to be.

The Urgency of Patching

This is quite significant for the government, as I believe it's the first time a government minister has publicly urged businesses to patch specific software bugs.

In an article from the AFR, I pulled this statement: "it's time to slam the door shut on cybercriminals looking to exploit these vulnerabilities."

What are the vulnerabilities?

  1. FortiGate Firewall Vulnerability (June): Without timely patching, Fortinet's firewall product, FortiGate, exposes businesses to the risk of unauthorised access and potential installation of malware.
  2. Citrix NetScaler Zero-Day Vulnerability (July): This zero-day vulnerability in Citrix’s NetScaler products demands immediate attention. Rapid exploitation could impact a significant number of organisations.
  3. Ivanti Sentry Critical Alert (August): Ivanti Sentry, a tool for remote connections, harbors a critical vulnerability. It permits a bypass of the authentication process, potentially enabling hackers to install malware on unpatched networks.

POA

Prioritising patch management is so important, for obvious reasons. Regular and timely patching of software and systems is your first line of defence. Most organisations will have this, but ensuring you have a robust patch management process in place is critical. This includes:

  • Automated Patching
  • Testing Procedures

Utilise tools that automate the process of identifying and applying patches to critical software. Before deploying patches, ensure they undergo thorough testing to prevent any potential conflicts or system disruptions.

IDS and IPS

Implement IDS and IPS. These technologies assist in monitoring network and/or system activities for malicious or suspicious behaviour, and they can automatically respond to potential threats in real time.

  • Snort
  • SolarWinds

My knowledge is limited in this area, but I have heard good things about these two from speaking with candidates in the past.

Conduct Regular Security Audits and Assessments

Periodic assessments of your security infrastructure can help identify vulnerabilities and weaknesses before they can be exploited.

A Proactive Approach to Cybersecurity

I sound like a broken record, but a proactive approach is essential when it comes to Cyber Security, otherwise you're essentially a sitting duck.

What's your approach to patch management, and how do you stay on top of critical alerts?



Abhinav Sharma

IT Delivery Leader | Mastering Projects with PMP, Prince2, AgilePM Credentials

1 year

Love this topic! Thanks for sharing.

Natalie Badawy

Co-Organiser - Melb Talent Meetup | 2024 Recruitment Consultant of the Year Finalist | Volunteer Manager for HerTechCircle | Poddy Host - what the heck is tech(?)

1 year

In love with this Punny title Lains, albeit a very serious topic!
