When considering the cybersecurity landscape, it’s important to note that the versions of products that organizations have deployed exist on a spectrum, with a small number of organizations running the latest versions, most organizations running older but still supported versions, and a substantial number of organizations running information systems that are no longer supported by the vendor.
While the latest operating systems and applications still have vulnerabilities, organizations can substantially improve their security posture by ensuring that they are running the most recent versions of operating systems and applications and by keeping those products current with released updates. It’s also important to note that many vendors are less diligent about addressing security vulnerabilities that are discovered in older versions of their products. A vulnerability that may be addressed in the current edition of a product may not be addressed in previous versions of the product.
It’s usually the organizations running outdated or unsupported products that you hear about when a large cybersecurity incident occurs. For example, the 2017 WannaCry ransomware attack disproportionally impacted organizations that had servers running the Windows Server 2003 operating system where the ports that are used for SMB storage protocol were exposed to the internet.
The WannaCry incident is reflective of a substantive part of the cybersecurity landscape in that it demonstrated that not only are a large number of organizations running outdated or unsupported information systems but that the security configuration of the networks that host those systems fell far below best practice.
Click HERE to learn more about Cybersecurity Training & Development Opportunities at Babbage Simmel or call (614) 481-6555.