October 18, 2024

Assessing Cyber Risk of New Vulnerabilities

Oh no! It's Friday and more news of new vulnerabilities is being announced! Do we kiss our weekend goodbye? Why does it always seem like the sky is falling... just falling worse at some times? When should I actually be worried?

You probably have seen some variation of this cyber risk chart. It shows that when both the impact of a vulnerability and its exploitability are high, your risk is at its highest. So what? You probably want to know what that actually means, and how you can use it to gauge whether The Next Big Thing™ is going to truly impact you.

First, impact. This measures how big of a hit you will take if someone exploits this vulnerability you have. Low impact might be that someone can figure out which version of software you are using. High impact might be that someone can gain complete control over your computer.

Second, exploitability. How easy is it to exploit this vulnerability? Exploiting it doesn't necessarily require skill, since people release exploits that work with point-and-click ease, but what I want to know are things like:

1. Do you need physical access to the system?
2. Do you need to be on the same network as the system?
3. Do you need to have working credentials to the system?
4. Does the vulnerability only exist in some non-standard situation (e.g., an old version of the software, a special add-on must also be installed, and the default language must be set to Klingon)?

So when you triage a new vulnerability alert and are trying to figure out if you should cancel your weekend pickleball tournament, think through this:

1. What is the scope of this? Is it for every version of Windows ever, running on billions of devices (scary), or does it only apply to some obscure application no one is really running (pickleball time!)?
2. What is the impact? Does it allow someone to take over the system (e.g., remote command/code execution (RCE) with administrator privileges) or do something else extremely bad?
3. How exploitable is it? Is there a public exploit available that will allow me to put an IP address into a program I download and instantly get full control of any vulnerable system on the internet with no credentials required?

Low-impact vulnerabilities can be combined to produce a high-impact attack, and exploitability can change over time, but this is a quick way to triage the plethora of vulnerability notifications that come across our desks every day and gauge the severity of an issue.
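To make the three questions concrete, here is a small triage model written for this post as an added example (it is not MOXFIVE's tooling). Scope gates everything, the four exploitability questions above each cost a point, a public exploit adds one back, and the impact-by-exploitability chart picks the bucket; the chaining rule at the end is a simplifying assumption that shows how low-impact findings combine into a high-impact path.

```python
from dataclasses import dataclass, replace

# Constructed model of the post's three triage questions (scope, impact,
# exploitability). Scores, chart buckets and chaining rule are my assumptions.

@dataclass(frozen=True)
class Vuln:
    name: str
    in_our_estate: bool            # scope: are we actually running the affected thing?
    impact: int                    # 1 = version disclosure ... 3 = full takeover (admin RCE)
    needs_physical_access: bool = False
    needs_same_network: bool = False
    needs_credentials: bool = False
    non_default_setup: bool = False   # old build + special add-on + Klingon locale
    public_exploit: bool = False      # point-and-click exploit circulating

def exploitability(v: Vuln) -> int:
    """3 = anyone on the internet, no credentials; each precondition from the
    post's list costs a point, a public exploit adds one back; clamped to 1..3."""
    score = 3 - sum([v.needs_physical_access, v.needs_same_network,
                     v.needs_credentials, v.non_default_setup])
    if v.public_exploit:
        score += 1
    return max(1, min(3, score))

# The familiar risk chart: key is impact 1..3, tuple index is exploitability 1..3.
CHART = {
    3: ("moderate", "high", "critical"),
    2: ("low", "moderate", "high"),
    1: ("low", "low", "moderate"),
}

def triage(v: Vuln) -> str:
    """Scope first: an alert for software we do not run never cancels the weekend."""
    if not v.in_our_estate:
        return "low"
    return CHART[v.impact][exploitability(v) - 1]

def chain(entry: Vuln, *rest: Vuln) -> Vuln:
    """One attack path from several findings. Assumed rule: worst impact of any
    link; access preconditions (physical, network, credentials) are the entry
    link's, since later links are reached through it; an unusual-setup need
    applies if any link has it; a public exploit needs one for every link."""
    links = (entry,) + rest
    return replace(entry,
                   name=" -> ".join(l.name for l in links),
                   in_our_estate=all(l.in_our_estate for l in links),
                   impact=max(l.impact for l in links),
                   non_default_setup=any(l.non_default_setup for l in links),
                   public_exploit=all(l.public_exploit for l in links))
```

Re-run `triage` when a public exploit appears: the same authenticated RCE moves from "high" to "critical", which is the "exploitability changes over time" point above.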

John Beers

John spent years investigating many of the biggest nation-state-sponsored and major financial cyber attacks in the world, breaking into some of the most challenging organizations to further improve their security, reverse engineering malware, and conducting research. He brings his diverse security expertise to MOXFIVE to serve as a technical advisor and to help organizations navigate difficult times.
