Do we have tiered defenses?
Do we keep up-to-date with patches? Do we have a patch-deployment system in place that can distribute updates in a timely manner?
Do we use an automated VA tool to identify potentially vulnerable systems?
According to our reader survey and the obviously abysmal state of the industry at large, we'd venture to say that the majority will answer "No" to most of these questions. This not only means increased risk, but increased costs, and it's where the business case comes into play: Like it or not, vulnerabilities cost money. Clean-up costs money. Lost work costs money. And not having a vulnerability-management plan in place will ultimately--you guessed it--cost money.
An interesting paper was released late last year discussing some of the vulnerability-management efforts at NASA (see www.sans.org/top20/GISRA_NASA.pdf). According to the study, NASA determined that the vast majority of its security incidents were related to a specific subset of total vulnerabilities. The agency concluded that it could reduce its risk profile by addressing this subset of known vulnerabilities. The result was an organizationwide vulnerability assessment and mitigation war, launched by NASA's CIO, that involved a few key components:
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
There are many network courses that can address your present job's priorities and help you gain the needed skills to keep pace with industry changes and new technologies.
