When it comes to technology, there is often an element of unpredictability, as situations can arise that are difficult to foresee. Security vulnerabilities being one example that you can encounter at any stage, and in many cases, with little time to react.
In the last three weeks alone, there have been two significant vulnerabilities:
1. Microsoft On-Premise Exchange vulnerability
Microsoft released critical updates to patch Microsoft Exchange which Cert NZ classified as ‘urgent’ and recommended the patching of vulnerable systems as soon as possible. It is rare for Microsoft to release patches outside of their normal patching schedule which highlighted the urgency.
Microsoft announcement: Access here
2. Critical IOS Update with urgent security fixes
The update worked to fix a vulnerability in WebKit, the engine that powers the Safari browser, which could lead to arbitrary code execution. This means that without the update, an attacker could remotely run their own code on vulnerable devices.
Apple announcement: Access here
With cybercriminals and security threats becoming increasingly sophisticated, these vulnerabilities are likely to become more and more common. This is highlighted in the latest Threat Report released by CertNZ, with the following key findings:
How to protect your organisation?
When vulnerabilities arise, it is often up to your IT Provider or internal IT support to respond in a timely manner to minimise the risk of both financial and reputational damage.
IT Partners Response
When vulnerabilities arise, we proactively notify and remedy risks in both a timely and effective manner. As an example, we responded to the recent vulnerabilities listed above by:
• Microsoft On-Premise Exchange vulnerability: Just two hours after we became aware of this vulnerability, we had notified all affected clients. Further to this, within a 48-hour period we had remedied the vulnerability for 95% of clients, arranging suitable outage periods to minimise disruptions. Deploying temporary workarounds for the remaining 5%.
• Critical IOS Update with urgent security fixes: Although we do not manage our clients iOS Devices (i.e., iPhones), on the same day the critical update was released, we had provided a proactive communication explaining the importance of installing the update as soon as possible. Without these types of communication prompting action, it is often easy to ignore updates until convenient.
IT Partners deploys a layered security architecture as part of our standard offering which would serve as the last line of defense in any event that utilised a vulnerability such as those detailed above. A proactive response to the notification of serious vulnerabilities is just one of the layers in our approach.
If you are concerned about your business’s current response to security vulnerabilities get in touch via email or phone 07 957 2650.