THERE ARE ONLY 5 QUESTIONS

YOU MUST FOLLOW 2 ARTICLES TO ANSWER THE 5 QUESTIONS

ARTICLE 1:

37% of IT Managers See Failure to Install Updates as the Biggest Security Threat of 2018

Outdated software is now a bigger threat than weak passwords, bring-your-own-device (BYOD) and unsecured USB sticks, according to a new study.

27% of enterprises spend, on average, at least a month before installing vital security patches, data shows. Among businesses with over 100,000 computer terminals, the figure is 45%. At the same time, 13% of large businesses have given up on actively managing software distribution and are asking employees to update their own systems.

The survey conducted by enterprise content delivery company Kollective gauges responses from 260 IT managers, leaders and decision makers. The results indicate that many US businesses are failing, gravely, to meet industry expectations on network security.

37% of IT managers say failure to install updates is the biggest security threat of 2018, placing outdated software at the top of the threat pyramid, above password vulnerabilities (33%), BYOA / BYOD (22%) and unsecured USB sticks (9%).

The researchers found that failure to install updates stems from a combination of slow testing procedures and an inability to distribute updates automatically at scale i.e. lack of infrastructure.

With a growing number of applications being left out of date, todays businesses are creating their own backdoors for hackers, botnets and malware to attack, according to Dan Vetras, CEO of Kollective.

Other findings include:

66% of organizations cant automate their update software distribution

81% of IT teams cant deploy software updates when they first arrive

52% of those in large enterprises must wait at least 7 days before installing vital security patches

25% of companies delay updates due to network scaling issues

21% of IT managers say they dont have the budget to overhaul the organizations IT infrastructure

46% of IT teams have no plan to manage updates served as part of Microsofts upcoming Windows as a Service model

---------------------------------------------------

ARTICLE 2:

How Hackers Choose Their Targets

According to Security Boulevard, the #1 security vulnerability identified by IT managers is unpatched systems.

Hackers target vulnerable systems. There it is. That is the big secret, which likely isnt as shocking as one anticipated. Why do hackers target vulnerable systems? This too is rather simple. They dont want to have to work at hacking the system, they want users to leave the door open for them. And often times they are.

Leaving third-party applications and operating systems outdated leaves endpoints and servers, as well as all the data on them, vulnerable to attack.

It is imperative for users to update all devices in a timely manner. Often times this will take longer for larger businesses, as proper testing should be completed to ensure the update will not negatively impact the functionality of existing software or devices. That being said, the testing process should take place once updates are available, so updates can be installed as quickly as possible. It should also be noted, major software companies, such as Microsoft, have reoccurring update release dates. Therefore, IT professionals can schedule when testing will need to be completed with the predetermined update dates.

Automate Updates?

Users at a smaller scale, either home users or perhaps a smaller business may automate application and operating system updates to take the legwork out of manually launching the update. This feature is great for those who want to set it and forget it. However, users must remember to reboot their PCs every day. When updates are installed, they often are not finalized until the device is rebooted. Therefore, users may think theyre protected with the latest updates, but in reality, they havent finished installing because no reboot has been initiated.

Rebooting is equally important for those who manually update as well. If it isnt getting done the update is NOT complete.

Other Forms of Vulnerability

Although unpatched systems were the primary security threat identified by IT managers, other vulnerabilities should be addressed as well. Additional factors to evaluate include multi-factor authentication, IoT devices, BYOD policies, and password strength.

Multi-Factor Authentication and Password Strength

First and foremost, no one should be able to access your network with one basic password. Employers should be employing a multi-layer authentication feature to access their networks. As a component of that, proper password regulations should be in place. This includes requiring passwords to be changed every 30-45 days, including specific characters and numbers, and offering a password vault for employees to track their passwords to prevent them from being written down or kept in a Word or Excel document.

IoT and BYOD

The Internet of Things (IoT) has taken over the world. Were more connected now than ever, whether it is our smartwatches notifying us of text or calls, or checking emails through our phones. We often bring these devices with us to work and connect them to company networks. This creates a major problem. If these devices are infected with malware of any kind viruses, ransomware, spyware, etc. this malware can now spread throughout the company networks. Also, the likelihood of these IoT devices having any form of security solution installed is minimal at best. They often do not come with any form of antivirus installed, and some devices are not compatible with security solutions at all.

Therefore, having a solidified Bring Your Own Device (BYOD) policy is important. Employees should know what is allowed and expected, and what is not. This should include three major things. First, what devices are permitted to connect to the companys networks. Second, the company needs to mandate a security solution is installed on all devices permitted to connect to company networks. Lastly, it must include disciplinary measures if the policy is not adhered to.

-----------------------------------------

QUESTIONS

Questions

Based on the news articles above, and Internet searching, answer the following questions.

1) For IT managers that were surveyed, what do they believe is the biggest security threat of 2018?

2) Why do hackers target known vulnerabilities?

3) Where might hackers find out about these vulnerabilities?

4) What difficulties might an IT manager have updating vulnerable systems?

5) What other vulnerabilities do IT managers believe to be next on the list of exploitable vulnerabilities?