During the week starting October 12th, the IT industry has been scrambling to answer questions regarding several patches that address vulnerabilities including CVE-2020-16898. The vulnerability allows a hacker to send communication packets to a remote Windows 10 or Windows Server 2019 operating system and potentially gain control over the device. This patch is critical and necessary to defend against attacks that can happen from anywhere in the world. Another vulnerability was also announced, this one by SonicWALL: CVE-2020-5135, which allows an attack on the perimeter defense and code execution by a malicious attacker.
Vulnerability and Business
In 2020 there has been a rise in both volume and variance of cyber-attacks worldwide. Organizations have now begun to take recommendations from cybersecurity experts more seriously, determining that it is less expensive to have security defenses than it is to experience a breach. Most organizations are starting to see that without taking proper steps, it is only a matter of time before they are breached.
How do these vulnerabilities affect business?
Ideally, patches for announced vulnerabilities should be deployed quickly and efficiently to every applicable machine in the organization that requires those fixes. It is important for your IT Provider to be able to continue with regular IT services as well as pivot to combat issues that are presented by experts in the cybersecurity field. It is even more important for your leadership team to stay proactive in allowing your IT Provider to better defend the organization.
How We At Integris Handle Vulnerabilities
At Integris, on the day the vulnerabilities were announced to the world, dedicated technicians and engineers were already testing the patches and evaluating which organizations were most at risk. Patches for both SonicWALL and Microsoft were deployed across firewalls, servers, and workstations quietly in the background, a major effort to secure networks while making sure that organizational operations were unaffected.
Patching is often talked about as an activity that most organizations don’t like, value, or understand. Technicians have often been greeted with grumbling or even irritation when suggesting running updates on computers:
“Every time I run an update my wireless mouse stops connecting to my laptop until I unplug/plug it back in” – Everyone who ever owned a wireless mouse
Yes, unfortunately, patching and updates can bring some inconveniences. However, Microsoft continues to work on patches that cause less uproar and are directed towards securing and maintaining the integrity of your operating system. Integris focuses on communicating with you as a client about patches that may cause some disruption. Once you are made aware of these changes, Integris will quickly plan and execute them at times that make the most sense for your organization, while still maintaining defenses.
In the meantime, for patches and updates that do not disrupt your operations, sit back and relax. For you, No Action Required!
Vulnerability and Business
Just about everyone has tried to separate the rumors from reality since President Trump’s executive order, so we thought we would share what we know about what is rumor and what is fact.
Rumor vs. Fact #1
The Rumor: Many people originally thought the executive order banning TikTok would go into effect immediately or at some point before the 45-day deadline if negotiations fell through.
The Reality: The executive order allowed TikTok and its parent corporation 45 days to devise and implement a solution, particularly concerning its talks with Oracle leaders for a buyout of ByteDance’s U.S. interests. As of September 23, 2020, the deadline has passed, allowing TikTok and Oracle to continue negotiations.
Rumor vs. Fact #2
The Rumor: Upon signing the executive order, President Trump expressed concerns that the Chinese-owned smartphone app was a threat because it could capture detailed information from U.S. citizens. The Chinese Communist Party (CCP) was freely gaining access to the personal and proprietary information of more than 800 million Americans.
The Reality: In July 2020, Zak Doffman at Forbes explored U.S. allegations of data mining against TikTok, which the social app firmly denies. The fact is that like any social media app that collects personal information — see Facebook — TikTok users freely offer up personal information. Doffman shares that the concern over TikTok’s access to U.S. information is not unreasonable when information allows access to powerful insights of a nation’s people.