The Cyber Defense eMagazine November Edition for 2023

Past incidents involving data breaches have illustrated the risks associated with outdated home systems
and a lack of security awareness, as they can unwittingly compromise entire enterprise networks.
Neglecting to keep software systems up-to-date has also proven to lead to an ever-growing number of
vulnerabilities that are ripe for bad actors to exploit. A noteworthy example occurred in March 2023 when
LastPass experienced a massive breach due to an oversight by one of its engineers who failed to update
Plex on their personal computer. This oversight resulted in a deserialization flaw that affected a Plex
Media Server running on Windows, permitting a remote attacker with authentication to execute Python
code within the context of the current operating system user.
While employers may learn from such attacks and enforce consistent patching requirements for individual
devices connected to internal systems, Chromecast devices now remain vulnerable. Without the ability
to automatically secure itself through a provided patch, it could serve as a stepping stone for attackers to
gain access to other systems in the home network and subsequently, the enterprise network itself.
Currently, companies can spend millions every year to patch, document and report results. Yet they will
opt to delay their updates and security patches by weeks or even months. This is largely due to the fact
that security leaders and IT teams view patch management as a highly disruptive and time-consuming
process disrupting operations due to server reboots and scheduled downtime.
Such hesitance to maintain a consistent patch schedule creates a highly exploitable attack surface that
can become a ticking time bomb for any remote employee or unsuspecting business. This is where live
patching comes in to streamline the process without disrupting systems. Live patching is a relatively new
approach to enterprise security that works by intercepting and modifying code at runtime, without
interrupting the system's normal operation or modifying the underlying binary. Having this system in
place that can apply an automatic patch as it becomes available can not only reduce system downtime,
but it can also provide substantial labor cost savings, eliminate maintenance windows, and free up
understaffed IT security teams.
Implementing more robust security measures for remote access to corporate networks will ensure
potential breaches cannot take down an entire enterprise system. According to a recent Tessin report,
nearly 90% of IT leaders and CISO’s agree that a strong security culture is imperative to maintaining the
required security posture, while a third of employees do not think they play a role in effective cyber
mitigation. But employee behavior can place companies at a huge risk of falling victim to cyberattacks,
with human error one of the biggest risks to cybersecurity today.
Human error can manifest itself in a multitude of ways, from weak passwords to failing to install software
security updates on time, to accidentally giving up sensitive information to phishing emails and malware
threats. The risk has only increased as office employees have moved to the more preferred status of
remote work. Staff working from home are often outside the direct oversight of IT teams and often struggle
to deal with cyberthreats and appropriately protect company information. In fact, remote work has
effectively removed the notion of a security perimeter around networked corporate IT assets. While
technical solutions like zero trust, mobile device management systems or spam filters are useful for endusers,
they do not offer the level of protection needed to properly reduce risk, and offer no additional
security to devices present in home networks but not directly used to access internal enterprise systems.
Cyber Defense eMagazine – November 2023 Edition 82
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.