Cyber vulnerabilities are Weaknesses in computer systems, networks or software Which can be exploited by malicious people to jeopardize the security of the mentioned systems. These vulnerabilities can arise due to various reasons the reasonshow Programming errors, incorrect configurations, and lack of security updates Or there is a flaw in the design of the hardware or software.
When a vulnerability is discovered, attackers can exploit it to perform a variety of malicious actions, such as stealing sensitive information, infecting systems with malware, disrupting services, conducting fraud, or even taking complete control of a system or network.
Vulnerability management is critical to cybersecurity and involves identifying, assessing, and mitigating vulnerabilities in systems and networks. Through measures such as security patches, software updates, secure configurations, and strong security practices.
According to data collected by the SILIKN Research Unit, during 2023, 51.3% of companies and 96.8% of government agencies in Mexico were determined to have at least one known vulnerability in their systems.
:quality(85)/cloudfront-us-east-1.images.arcpublishing.com/infobae/JFTWLC6JAA2DKCFPUKPC2NEZEM.jpg 420w)
The analysis conducted by the SILIKN Research Unit highlights the significant challenges faced by Mexican entities in trying to quickly address critical vulnerabilities being exploited, given that most of them, especially government entities, show a very slow mitigation response.
Critical vulnerabilities require, on average, approximately six months to fix, This creates a great risk and confirms the urgent need to have a preventive plan to mitigate vulnerabilities. This would ensure that in the event of an accident, the time needed to recover would be much shorter.
It is important that organizational leaders recognize that vulnerabilities may exist and can Detect it in a timely manner. It is a priority to identify these vulnerabilities as significant threats and strengthen a security posture focused on comprehensive analyzes and, above all, resilient actions. Using this approach, organizations have the opportunity to significantly enhance their security.
It is worth noting that during 2023, about 28,000 vulnerabilities were discovered from various suppliers and products, which represents a 19% increase over those reported in 2022. Of the above, 42.7% were critical.
:quality(85)/cloudfront-us-east-1.images.arcpublishing.com/infobae/ETA7QZ7ARFDFXMCLQLOQ7IWLIA.png 420w)
in mexico, The vulnerabilities CVE-2012-0143 and CVE-2017-11882 were the most commonly used by cybercriminals through exploits.Since they are frequently discovered in enterprise systems.
CVE-2012-0143 Vulnerability affects Microsoft Excel 2003 SP3 and Office 2008 for Mac, as these applications suffer from poor memory management when opening files, allowing remote attackers to execute arbitrary code via a crafted spreadsheet.
Similarly, The CVE-2017-11882 vulnerability is a memory corruption issue that affects multiple versions of Microsoft Office: 2007 Service Pack 3, 2010 Service Pack 2, 2013 Service Pack 1, and 2016. This vulnerability allows an attacker to execute arbitrary code in the context of the current user by not properly managing objects in memory.
It is important to note that the analysis represents a significant advance in identifying high-risk vulnerabilities. Unfortunately, there is still a big problem of managing these weaknesses in our country. This is because those responsible for security often lack clear authority to address necessary reforms, as well as full visibility into the environment and metrics that evaluate the effectiveness of measures taken. On the other hand, managers who have power tend to minimize or avoid responsibilities associated with cyber incident management.
:quality(85)/cloudfront-us-east-1.images.arcpublishing.com/infobae/HAQYJC4GB5HHZCK3IWOYJQBXQ4.png 420w)
In view of the above, it is suggested that, Given the increase in demands faced by organizations, it is clear that it is more necessary than ever for security experts to fill management roles. They have the ability to influence operational changes at all levels of the organization. This would allow for more flexible management of vulnerabilities, with speed being a crucial aspect in this context.
Organizations of all sizes face the challenge of dealing with the constant stream of vulnerabilities being disclosed. Although it is important that each company establishes a vulnerability management method adapted to its specific risks, we stress the importance of all starting by prioritizing vulnerabilities that have already been exploited, because remediating them quickly is closely linked to finding more resilient solutions.
—-
*Silicon founder | Technology Entrepreneur | (ISC)² Certified in Cybersecurity℠ (CC) | Certified Cybersecurity Trainer (CSCT™) | European Council Ethical Hacking Basics (EHE) | Council Certified Cybersecurity Technician (CCT) | Leader of the Queretaro chapter of OWASP.
Twitter: https://twitter.com/silikn
Instagram: https://www.instagram.com/silikn
Youtube: https://www.youtube.com/@silikn7599
“Travel junkie. Coffee lover. Incurable social media evangelist. Zombie maven.”