In our Neu Cyber Threats weekly bulletin, we hear more and more about vulnerabilities that are discovered by cyber criminals. Eventually, they are patched – both on an operating system and application level – but there could still be some holes open for criminals to exploit. Once a patch becomes available, they can be reverse engineered by cyber criminals to develop exploits that work well on any unpatched devices. Threat actors work with speed, while users can be slow to update and upgrade.
The same could be said of the Internet of Things (IoT). An increase in the amount of devices connected to your enterprise network, without considering the security factor, is a major risk. If you follow the proper protocols, then there is no need to fear. Many of these devices have old firmware that is easy to exploit. As a result, they could become the weakest link in your armour and open a direct route to your assets.
Some IoT devices include operational backdoors, like hardcoded admin credentials intended for maintenance, which can easily be repurposed by threat actors. It begs the question: if you don’t know what devices are connected to your network, how can you defend from them if they turn malicious?
The effect of patching often and early is not going away. While patching is just one of many protection layers, it is not a fail-safe method that can completely protect your devices. Endpoint solutions can be used as a last line of defence against undiscovered vulnerabilities and new attack vectors. It is also advisable to use software that can automatically apply security updates and patches – which will ensure that all endpoints are up-to-date.