By Rohit Dhamankar, Vice President, Threat Intelligence, Alert Logic
When it comes to incorporating strong cybersecurity hygiene into their practices, small and midsize businesses (SMBs) sometimes don’t realize how susceptible they are to cyber attacks. They read the latest news about a big-name organization getting hacked and conclude that this would never happen to a “small fish” company like theirs.
But they are mistaken.
Due to increasingly automated attack methods, cyber adversaries aren’t distinguishing between “big” and “small” fish anymore. They’re targeting vulnerabilities, with automation that empowers them to cast a wide net to cripple SMBs and large enterprises alike. New research from Alert Logic indicates that lack of awareness may be leading to a wealth of exposures for SMBs: A clear majority of their devices are running Microsoft OS versions that will be out of support by January 2020, and most unpatched vulnerabilities in the SMB space are more than a year old.
What Alert Logic’s New Findings Really Say
These and other findings from the Alert Logic Critical Watch Report 2019 should serve as an eye-opener for SMBs.[1] Our analysis was based on 1.3 petabytes of data from more than 4,000 customers, including data from 2.8 million intrusion detection system (IDS) events and 8.2 million verified cybersecurity events. Here are highlights from the report that illustrate the most significant challenges we found:
Digging into the Numbers
More than 66 percent of SMB devices run Microsoft OS versions that are expired or will expire by January 2020. There’s little representation, in fact, of the current Windows Server release – 2019 – among this group and the majority of devices run Windows versions that are more than ten years old. Even if not exposed to the internet, these versions make it easy for attackers to move laterally within systems once they compromise a host.
Three-quarters of the top 20 unpatched vulnerabilities in the SMB space are more than a year old. Even though automated updates have improved software patching, organizations struggle to keep up the pace. The use of open source software – a common technique for building software projects efficiently – complicates the patch cycle, especially when the open source software is embedded. To uncover and reduce the vulnerabilities left by unpatched code, organizations must invest in third-party validation of the efficacy of the update process in their software development life cycle (SDLC) while conducting regular vulnerability scans.
Security Challenges SMBs Face
Weak encryption continues to create headaches, accounting for 66 percent of workload configuration problems. Unfortunately, many SMBs simply implement a default encryption for a particular app. Defaults were typically defined when older encryption protocols were still considered safe but might no longer be. It’s not surprising then that our research found that 13 encryption-related configuration flaws are leading to 42 percent of all security issues found.
Nearly one-third of the top email servers run on Exchange 2000, which has been unsupported for nearly 10 years. Email is the life blood of most businesses, so SMBs place their operations, sales and other critical functions at risk if they encounter newly identified vulnerabilities for which there are no available patches.
The three most popular TCP ports – SSH (22/TCP), HTTPS (443/TCP) and HTTP (80/TCP) – account for 65 percent of all vulnerabilities. Internal security teams should regularly scan ports to determine weaknesses and firewall misconfiguration issues, as well as whether unusual, possibly harmful services are running on systems. In addition, they need to close ports that are no longer in use; install firewalls on every host; monitor and filter port traffic; and patch and harden any device, software or service connected to ports.
Half of systems are running a version 2.6 Linux kernel, which has been out of support for more than three years. There are at least 69 known vulnerabilities for this kernel level, with many relatively easy to exploit. Kernels serve as the heart of an operating system, managing hardware, memory, apps, user privileges and an assortment of other key functions/components.
What to Think About Next
An obvious answer for SMBs is to inventory their cyber ecosystem and replace systems that have outlived support. But this is impractical for many. Resource constraints and inability to scale often prevent SMBs from upgrading and they struggle to apply best practices in patching, hardening and cyber hygiene. These organizations don’t have to go it alone, however, and can partner with security providers who offer strong but cost-conscious options to provide needed threat visibility, intelligence and security and compliance experts. With this support, SMBs can better defend existing infrastructure while addressing security challenges that occur during upgrades or migrations to the cloud.
[1] https://resources.alertlogic.com/c/IR-critical-watch-report?x=Ws7yBF
Bio
Rohit Dhamankar is vice president of threat intelligence products at Alert Logic. Dhamanker has over 15 years of security industry experience across product strategy, threat research, product management and development, technical sales and customer solutions. Prior to Alert Logic, Dhamanker served as vice president of product at Infocyte and founded consulting firm Durvaanker Security Consulting. He holds two Masters of Science degrees – one in physics from The Indian Institute of Technology in Kanpur, India and one in electrical and computer engineering from University of Texas – Austin.