Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
User Rank: Apprentice
5/28/2021 | 11:55:07 AM
We find that one of the best ways to increase overall employee engagement in the organization's security program, is to find ways to promote proactive behavior through gamification, management involvement, and meaningful KPIs KRIs built around the reaction/interaction to threats and potential threats. For example, when it comes to simulated phishing - instead of looking at click through rates as the key metric, organizations can focus on the proactive reporting of threats and the "see something, do something mentality" in order to create a more positive experience overall, thus improving employee willingness to engage in good habits, behavior and ultimately, changing one's identity with a more proactive inherent scrutiny in how they process and respond to information. Organizations who traditionally kneejerk enroll employees immediately after failing a phishing test tend to promote an adversarial relationship between IT and the work force. Although click through rates can provide some meaning information about areas of risk, incentives around the promotion of proactive behavior and employees becoming proactive cybersecurity citizens is one of the best ways to enhance engagement across a security awareness program and empower employees and teams to identify and stop threats.