CISA recently released guidance on the top routinely exploited vulnerabilities of 2021, compiled by cybersecurity companies in partnership with the NSA and FBI.
Lorri Janssen-Anessi, Director, External Cybersecurity Assessments at BlueVoyant, who previously worked extensively with government agencies, including the NSA, DoD and DHS, shared her thoughts on this latest release from CISA:
“I was encouraged to see the guidance published from the worldwide security agencies on the top routinely exploited vulnerabilities. What the security agencies highlighted aligns with what BlueVoyant’s threat intelligence monitors for and observes. We consistently inform our clients of these vulnerabilities as they are identified. Our continuous monitoring of their networks also allows us to provide accurate and actionable information needed to mitigate these vulnerabilities. The similarities between BlueVoyant’s threat intelligence monitoring and this guidance are evidence of consistency in the cybersecurity community and may be a result of good public/private partnering.
That being said, the guidance unfortunately highlights the reality that many organizations still struggle with cyber hygiene. Some of these vulnerabilities have been known publicly since 2020 and have patches available. Just like the security agencies suggested, organizations need to more regularly patch their systems, use multi-factor authentication (MFA), or use two ways to verify users’ identities before allowing them access to the network, and segment their networks so users only have access to the systems they need.
In addition, the guidance should serve as a reminder to organizations to regularly monitor their supply chain and/or the third parties and vendors in their digital ecosystem. Even if you have patched and properly secured your internal network, you could be vulnerable if a third party has not done the same.”