What a year 2017 turned out to be – especially from a security perspective! From WannaCry and Nyetya to the Equifax breach, 2017 was marked with security events. And yet, as spectacular as 2017’s security failures were, 2018 is already shaping up to be even more stunning.
Within mere days of the start of the new year, it was publicly disclosed that CPU hardware design flaws, lovingly dubbed Meltdown and Spectre, allow vulnerabilities between applications and the operating system and break the isolation between applications. The problem affects virtually all computers and devices globally, and companies are still grappling with the security implications.
A closer look reveals that there is a common thread with these compromises, hacks and vulnerabilities that have emerged. You as a business owner or manager will likely be impacted by an oversight or compromise by a third-party provider that you didn’t cause and cannot control. While it hardly seems fair, that is the reality of today’s increasingly interconnected security ecosystem. Let’s take a closer look at some examples:
- Nyetya – Cisco’s TALOS group asserts that the Nyetya attack started with third-party accounting software (M.E.Doc) via a compromised update server.
- Equifax – An Apache Struts vulnerability, that was not patched for more than two months, lead to the compromise of approximately 145 million Equifax customers’ data.
- Spectre & Meltdown – Two architectural flaws affecting Intel, AMD and ARM processors and companies such as Microsoft, Apple and Google are rushing patches to remediate the impact.
Most businesses trust their third-party partners to protect them from dangerous attacks. Last year’s security incidents illustrate just how important it is to utilize trusted partners and proactively maintain and update software. But with an ever-evolving threat landscape, it can be difficult to keep track of everything.
Our managed services solution is designed to proactively monitor, secure and support your business IT environment. As a trusted partner, we handle the “waterline” activities: performing security scans, judiciously patching systems and reporting progress so you know it’s done.
Third-party security threats require a third-party solution dedicated to protecting your business and furthering your goals. We would love to partner with you for a secure 2018; contact us today.