Managing cybersecurity risks and vulnerabilities is a critical activity for any robust security program. Risk management and vulnerability management are performed in tandem to help keep your network safer and more secure.
In this article from the Security Industry Association’s (SIA’s) Cybersecurity Advisory Board (CAB), learn key concepts in risk and vulnerability management and get expert insights on how to better mitigate cybersecurity threats. These tips were developed by the SIA CAB during Cybersecurity Awareness Month 2021 as part of SIA’s efforts to promote responsible connectivity and encourage SIA members to strengthen their cybersecurity postures.
What Is Security Risk Management?
Vulnerability management is a term used in relation to a particular type of risk – the risks that exist because of the software development process.
What Is a Vulnerability?
A cybersecurity vulnerability is any gap or weakness in your IT systems or processes that can be used by unauthorized persons to act on those systems. Through these gaps, bad actors can access system functions or data. Vulnerabilities differ from other types of threats in that they are not necessarily the product of malicious activity but are most typically caused by software flaws or system misconfigurations.
Managing Vulnerabilities in Your Environment
Computer vulnerabilities happen when the software is created (or installed incorrectly). Modern software development includes security testing so that the obvious and known vulnerabilities are discovered before the code is released to the public.
After software or systems are released to the public, criminal attackers and legitimate security researchers can do all sorts of testing to find gaps in the code. Criminals might exploit these gaps for illegal profit, while legitimate security researchers typically report to either the vendor or to public forums.
At this point, the vendor creates a patch and releases it to the public, which then requires your security team to enact the patch or fix the problem.
The process of keeping up with these vulnerabilities in your system and closing the gaps is vulnerability management.
Tips for Better Vulnerability Management and Cybersecurity Risk Mitigation
The best vulnerability management is to prevent the vulnerabilities in the first place. Many vulnerabilities can be introduced during system installation and configuration. Tips to avoid introducing configuration vulnerabilities include:
- Ensure network segmentation: Segmenting networks keeps systems from “touching” each other so that a vulnerability in one system doesn’t allow the intruder automatic access to other systems.
- Ensure the security of the cloud environment: Outsourcing your IT to a cloud provider can be an excellent business choice, but remember that outsourcing the responsibility does not outsource the impact. Make sure your cloud provider has strong security practices.
- Isolate customer data: Different types of data loss or theft can have different levels of impact or harm to you. Make sure you isolate different criticalities of data so that a breach of one does not lead to a breach of all.
- Practice good cyber hygiene:
- Always change default passwords
- Never reuse passwords
- Use strong and complex passwords or passphrases (use a password manager to keep up with these “hard to remember” passwords – never write them down).
- Use multifactor authentication as much as possible (e.g., you get a text code to enter each time you log in to a system or an authentication tool such as Duo)
- Deactivate user credentials on the system as soon as the user no longer needs them.
- Patch quickly and often: Keep up to date on all the latest communications from your vendors regarding patches, and make sure you implement patches and fixes as quickly as possible.
Additional ways to prevent harm coming from system vulnerabilities are to react quickly to any bad actors seeking to exploit the vulnerabilities and reduce the harm they might be able to do. Here are some tips to contain the damage if a vulnerability is exploited:
- Monitor access and traffic: The best way to head trouble off is to see it coming. Network monitoring helps identify attacks and intrusions and stop them as quickly as possible.
- Have an incident response plan: Knowing an attack is happening is only useful if your team knows what to do about it. Make sure you have procedures in place to respond to and recover from any cybersecurity problems that come up.
- Back up data: Many types of criminals try to deny you access to your data, or destroy it, rather than simply stealing it. Data backups can make the difference in recovering from an incident quickly or slowly (or not at all).