Is Your Agency Exposed? July’s SharePoint Vulnerability Explained
You've probably seen the news about a vulnerability being actively exploited on Microsoft SharePoint servers. While it is dominating the headlines, many agencies should understand that it may not affect them at all.
In fact, there's an easier way to approach your cybersecurity strategy than having to pivot because of everything that you see in the news.
So, let's break down what's going on around this, why agencies might not need to do anything, and how to avoid a knee-jerk reaction to serious threats that appear in the news.
So first, here's what's going on.
Microsoft found that a SharePoint vulnerability was already being exploited. When attackers are using a flaw before the vendor has a fix for it (and often before the vendor or security teams even know it exists), that's called a zero-day.
This zero-day is serious, and it affects SharePoint Server installed on-premises, that is, on Windows servers that you (or a provider working for you) run yourselves, rather than Microsoft's hosted SharePoint Online.
So, if your office does not host its SharePoint files through Microsoft 365 but instead runs its own SharePoint server, whether it sits in your office, in a data center, or is managed for you by an IT provider, then yes, you need to take action. In fact, the news coverage says that if you have this vulnerability and have not already addressed it, you have probably already been compromised. That makes patching the first step rather than the last: once the fix is applied, look for signs of compromise instead of assuming the patch closed the matter.
However, most of you reading this host SharePoint directly through Microsoft (SharePoint Online, as part of Microsoft 365), and the flaw being reported is in the on-premises product, not that service.
It is a serious issue, but for most of you it simply doesn't apply.
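The quickest way to settle the on-premises question for a given Windows server is to ask it. The script below is an added example, not part of the original post: it checks whether the SharePoint Management Shell snap-in loads (it only exists where SharePoint Server is installed), reports the farm's build version and member servers, and compares the build against a placeholder that you must fill in from Microsoft's advisory for your SharePoint version. It assumes Windows PowerShell 5.1 on a SharePoint server, run as a farm administrator, and the standard SharePoint cmdlets Get-SPFarm, Get-SPServer and Get-SPProduct; the $patchedBuild value is an assumption and is not a real fixed build number.

```powershell
# Added example (not from the original post): confirm whether this Windows server is
# part of an on-premises SharePoint farm and report its patch level, so it can be
# compared with the fixed build number in Microsoft's advisory.
# Run in an elevated Windows PowerShell 5.1 session on a SharePoint server as a farm admin.

# The SharePoint snap-in exists only where SharePoint Server is installed. If it
# cannot be loaded, this host is not an on-premises SharePoint server.
try {
    if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
        Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop
    }
} catch {
    Write-Output "SharePoint Server is not installed on this host."
    Write-Output "If your SharePoint lives in Microsoft 365 (SharePoint Online), the on-premises vulnerability does not apply here."
    return
}

# Assumption: replace this placeholder with the fixed build number from Microsoft's
# advisory for your SharePoint version. 0.0.0.0 is NOT a real fixed build.
[version]$patchedBuild = '0.0.0.0'

$farm  = Get-SPFarm
$build = [version]$farm.BuildVersion
Write-Output ("Farm build version: {0}" -f $build)

# Every server in the farm, so none is missed when patching.
Get-SPServer | Select-Object Name, Role, Status | Format-Table -AutoSize

# Installed SharePoint products and their patch state as the farm sees them.
Get-SPProduct -Local | Format-Table -AutoSize

if ($patchedBuild -eq [version]'0.0.0.0') {
    Write-Warning "Set `$patchedBuild to the fixed build from Microsoft's advisory before relying on the comparison."
} elseif ($build -lt $patchedBuild) {
    Write-Warning ("Farm build {0} is below the patched build {1}: patch now, then investigate for signs of compromise." -f $build, $patchedBuild)
} else {
    Write-Output "Farm build is at or above the patched build. Because exploitation predated the fix, still check for compromise."
}
```

Run it on each server the farm lists, not just the one you happen to be logged into; a farm is only as patched as its least-patched member.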
So why do I suggest not worrying?
Having worked with hundreds of businesses over the years on IT and cybersecurity, I’ve only run into a handful of people that actually host their SharePoint server themselves and are not hosting with Microsoft.
In my opinion, the coverage is genuinely important for the organizations it does affect.
But because many people don't understand the actual risk, news outlets and salespeople are pushing it everywhere as a form of fear, uncertainty, and doubt (FUD).
Even in the articles that I've read around it, on APNews.com, they talk about one provider testing 8,000 different customers and finding it in dozens of their clients.
Dozens out of 8,000 is well under 1% of those clients. Which sounds about right based on the number of organizations we would expect to run their own SharePoint servers versus hosting with Microsoft.
There is a bigger lesson here
While this is important, and it's hopefully something that you do not have to deal with, the news is not necessarily the best place to tell you where to prioritize your efforts in reducing your cyber risk.
The better approach is a risk-based one. Part of that is running vulnerability scans, which should alert you to a vulnerability that needs attention before the general news media does.
Scans can't flag a zero-day while only the attackers know it exists. But once a vulnerability is disclosed and assigned a Common Vulnerabilities and Exposures (CVE) identifier, scanner vendors add a check for it, and your scanner compares what it finds on your systems against that list (provided the scanner is kept updated and can actually reach, and ideally authenticate to, the server in question).
So anybody who had this vulnerability and was scanning regularly (continuous scanning is the recommendation at this point) would have received an alert or a notification from someone that it needed attention.
Know your risks
This is why it's important to step back and look at your overall strategy, to make sure you're assessing the risks that actually apply to you.
The payoff is that when something like this shows up in the news, you're in a better position to understand it and decide how to react, because you've already worked out which of your systems are most likely to be attacked and what the impact on your business would be.
No more knee-jerk reactions to the latest headline.
Ignore the FUD
It's very important not to let fear, uncertainty, and doubt distract you from what's really important. Often, it's really just a news site that's trying to get clicks, or it's a sales and marketing team that's trying to sell a product.
If fear, uncertainty, and doubt are driving your cybersecurity approach, you're being reactive and probably don't have a strategy in place; you're never quite sure where to focus.
This is where risk-based cybersecurity is going to help you understand exactly how to do that.
Where to go from here
So, for those of you who do run SharePoint in-house, this is very serious. Take a close look, make sure the fix is applied, and assume there is a real chance you've already been compromised: check for it rather than hoping the patch alone resolved things.
For those who don’t have SharePoint in-house, or for anybody that wants to implement a better cybersecurity strategy, look at risk-based cybersecurity techniques.
In fact, RLS Consulting is giving away a new Cybersecurity Playbook for Agencies that’s going to walk you through exactly this.
Learn how to take a risk-based cybersecurity approach, how to understand where to focus your attention, and how to make better decisions around cybersecurity.
And, it’s going to give you strategies, like implementing cybersecurity frameworks that cover things like vulnerability management, so you have this kind of risk covered.
So, if you don’t already have this stuff figured out, grab our free playbook and learn how to start protecting yourself better today!