THERE ARE ONLY 5 QUESTIONS YOU MUST FOLLOW 2 ARTICLES TO ANSWER THE 5 QUESTIONS
ID: 3746766 • Letter: T
Question
THERE ARE ONLY 5 QUESTIONS
YOU MUST FOLLOW 2 ARTICLES TO ANSWER THE 5 QUESTIONS
ARTICLE 1:
37% of IT Managers See Failure to Install Updates as the Biggest Security Threat of 2018
Outdated software is now a bigger threat than weak passwords, bring-your-own-device (BYOD) and unsecured USB sticks, according to a new study.
27% of enterprises spend, on average, at least a month before installing vital security patches, data shows. Among businesses with over 100,000 computer terminals, the figure is 45%. At the same time, 13% of large businesses have given up on actively managing software distribution and are asking employees to update their own systems.
The survey conducted by enterprise content delivery company Kollective gauges responses from 260 IT managers, leaders and decision makers. The results indicate that many US businesses are failing, gravely, to meet industry expectations on network security.
37% of IT managers say “failure to install updates” is the biggest security threat of 2018, placing outdated software at the top of the threat pyramid, above password vulnerabilities (33%), BYOA / BYOD (22%) and unsecured USB sticks (9%).
The researchers found that failure to install updates stems from a combination of slow testing procedures and an inability to distribute updates automatically at scale – i.e. lack of infrastructure.
“With a growing number of applications being left out of date, today’s businesses are creating their own backdoors for hackers, botnets and malware to attack,” according to Dan Vetras, CEO of Kollective.
Other findings include:
66% of organizations can’t automate their update software distribution
81% of IT teams can’t deploy software updates when they first arrive
52% of those in large enterprises must wait at least 7 days before installing vital security patches
25% of companies delay updates due to network scaling issues
21% of IT managers say they don’t have the budget to overhaul the organization’s IT infrastructure
46% of IT teams have no plan to manage updates served as part of Microsoft’s upcoming “Windows as a Service” model
---------------------------------------------------
ARTICLE 2:
How Hackers Choose Their Targets
According to Security Boulevard, the #1 security vulnerability identified by IT managers is unpatched systems.
Hackers target vulnerable systems. There it is. That is the big secret, which likely isn’t as shocking as one anticipated. Why do hackers target vulnerable systems? This too is rather simple. They don’t want to have to “work” at hacking the system, they want users to leave the door open for them. And often times they are.
Leaving third-party applications and operating systems outdated leaves endpoints and servers, as well as all the data on them, vulnerable to attack.
It is imperative for users to update all devices in a timely manner. Often times this will take longer for larger businesses, as proper testing should be completed to ensure the update will not negatively impact the functionality of existing software or devices. That being said, the testing process should take place once updates are available, so updates can be installed as quickly as possible. It should also be noted, major software companies, such as Microsoft, have reoccurring update release dates. Therefore, IT professionals can schedule when testing will need to be completed with the predetermined update dates.
Automate Updates?
Users at a smaller scale, either home users or perhaps a smaller business may automate application and operating system updates to take the legwork out of manually launching the update. This feature is great for those who want to set it and forget it. However, users must remember to reboot their PCs every day. When updates are installed, they often are not finalized until the device is rebooted. Therefore, users may think they’re protected with the latest updates, but in reality, they haven’t finished installing because no reboot has been initiated.
Rebooting is equally important for those who manually update as well. If it isn’t getting done — the update is NOT complete.
Other Forms of Vulnerability
Although unpatched systems were the primary security threat identified by IT managers, other vulnerabilities should be addressed as well. Additional factors to evaluate include multi-factor authentication, IoT devices, BYOD policies, and password strength.
Multi-Factor Authentication and Password Strength
First and foremost, no one should be able to access your network with one basic password. Employers should be employing a multi-layer authentication feature to access their networks. As a component of that, proper password regulations should be in place. This includes requiring passwords to be changed every 30-45 days, including specific characters and numbers, and offering a password vault for employees to track their passwords to prevent them from being written down or kept in a Word or Excel document.
IoT and BYOD
The Internet of Things (IoT) has taken over the world. We’re more connected now than ever, whether it is our smartwatches notifying us of text or calls, or checking emails through our phones. We often bring these devices with us to work and connect them to company networks. This creates a major problem. If these devices are infected with malware of any kind — viruses, ransomware, spyware, etc. this malware can now spread throughout the company networks. Also, the likelihood of these IoT devices having any form of security solution installed is minimal at best. They often do not come with any form of antivirus installed, and some devices are not compatible with security solutions at all.
Therefore, having a solidified Bring Your Own Device (BYOD) policy is important. Employees should know what is allowed and expected, and what is not. This should include three major things. First, what devices are permitted to connect to the company’s networks. Second, the company needs to mandate a security solution is installed on all devices permitted to connect to company networks. Lastly, it must include disciplinary measures if the policy is not adhered to.
-----------------------------------------
QUESTIONS
Questions
Based on the news articles above, and Internet searching, answer the following questions.
1) For IT managers that were surveyed, what do they believe is the biggest security threat of 2018?
2) Why do hackers target known vulnerabilities?
3) Where might hackers find out about these vulnerabilities?
4) What difficulties might an IT manager have updating vulnerable systems?
5) What other vulnerabilities do IT managers believe to be next on the list of exploitable vulnerabilities?
Explanation / Answer
Answer)
1) For IT managers the biggest threat would be Cyber attacks, data breaches, Targets by ransom virus, Remote code execution attacks. As the project would have had alot of budget allocated to it, hence a single attack would cause millions of loss to the organization as well as the project.
2) Vulnerability exist in all the systems, where some are known and the others unknown.
Vulnerability which are known are targetted by Hackers as it becomes easy for them to trace the IP to hack and understand the system behaviors.
3) The hackers might find the vulnerability from weak password, open wifi, remote connection etc.
4) The difficulties which might arise when IT Manager updates the vulnerable system are data issues, integration issue, difficulty finding logs, and loop holes to fix.
5) The malware, ransome, virus, remote connection, Weak IP etc are the list of exploitables.
Hope you like this answer . :)
Hit like if you find this answer helpful. Thanks
Related Questions
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.