As vulnerabilities are discovered, advisories are issued, remedies and mitigations are shared, and then the onus is on the end user or company to do what’s necessary to close the window into their infrastructure. That is what happens in a perfect world, where CISOs and CIOs have fully collaborative relationships with operations and where the mitigations don’t derail the organization’s operational efficiency and capabilities.
Joint Cybersecurity Advisory
On July 28, 2021, four agencies across three countries issued a joint cybersecurity advisory identifying 30 vulnerabilities that companies (be they big or small) should be mitigating. From the U.S., the agencies are the FBI and CISA; from Australia, the ACSC; and from the U.K., the NCSC.
The advisory doesn’t mince words: “Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations worldwide. It’s recommended that organizations apply the available patches for the 30 vulnerabilities listed in the joint cybersecurity advisory and implement a centralized patch management system.”
CISOs—you’ve received your marching orders. Close the delta of vulnerability.