The U.S. National Security Agency (NSA) recently published a list of the top publicly known vulnerabilities Chinese state-sponsored hackers exploit, several of which affect Microsoft and Citrix users. While many assume hackers are targeting government agencies, the truth is these vulnerabilities can affect even the smallest of businesses. As a small or medium business, it’s important to address known vulnerabilities and quickly take steps to mitigate the risks your company faces.
Any breach of your data or interruption of services can come with severe, and costly, consequences. The NSA recommends all organizations patch known vulnerabilities immediately to protect against bank fraud, data theft, and ransomware attacks.
“We hear loud and clear that it can be hard to prioritize patching and mitigation efforts,” NSA Cybersecurity Director Anne Neuberger said in a press release.
The agency added that it hoped that, by sharing the top vulnerabilities China is “actively using to compromise systems,” security professionals would gain actionable information for prioritizing their efforts.
Of the 25 vulnerabilities Chinese state-sponsored hackers are exploiting, these are the ones that directly affect Citrix and Microsoft users:
Of the 25 vulnerabilities, seven can be used by attackers to gain remote access to internal systems and, from there, obtain privileged access, which makes fixing these a priority. Leaving these and other weaknesses unmitigated can result in the exposure of sensitive data, including intellectual property and other proprietary information.
In addition to addressing these vulnerabilities promptly by following the NSA’s recommendations, businesses should routinely take steps to safeguard themselves against bad actors:
It is also critical to understand that patching does not undo any unauthorized access that occurred before the patch was applied: an attacker who has already stolen credentials keeps them. This makes it essential to reset passwords that may have been exposed, to require strong passwords, and to establish protocols for routine password changes. Statistics suggest 61% of businesses don’t require password complexity and 39% don’t give their staff proper password training. A recent statistic shared by Verizon found that roughly 80% of breaches are traced back to weak passwords and compromised credentials.
The full NSA announcement of the top 25, along with the specific mitigations you can take for each vulnerability, can be viewed here.