Importance of Vulnerability Management in the Fight Against Ransomware
Date: 23 June 2023
Runecast was one of the keynote presenters at our recent Wisdom of Crowds event in London. The focus of the keynote address was how getting your foundation right and focussing on the basics when it comes to vulnerability management can help in the fight against ransomware.
Cyber Management Alliance recently concluded one of its most successful Wisdom of Crowds events in London. The main theme of the event was the ‘Biggest Cyber Attack Tabletop Exercise’ and the event saw a huge turnout from top InfoSec professionals in the UK. We also had keynote addresses from leading cybersecurity companies including Runecast, Semperis and Dope.Security.
The Runecast keynote address was delivered by Markus Strauss, CPO of Runecast Solutions. Runecast started about 8 years ago as an IT Operations Management company. Over the years, Runecast evolved beyond security best practices, adding security hardening guidelines and then moving on to vulnerability assessment, compliance assessment, etc.
Markus’s keynote address was titled “Back to Basics - The Importance of Vulnerability Management in the Fight Against Ransomware”. He spoke about how getting ‘back to basics’ can help in the fight against this massive scourge in the cybersecurity industry today.
In quintessential Wisdom of Crowds style, Markus steered clear of pitching Runecast solutions as such and his keynote was focussed more on educating the attendees.
Vulnerability Management basics, as summed up by Markus, include:
- Knowing what and where your key assets are.
- Understanding the level of vulnerabilities in your environment.
- Understanding your endpoints, data centre environments and your infrastructure.
- Evaluating your risk appetite.
Markus moved on to a brief discussion about ransomware and how it’s been rearing its ugly head all over the world. When we think of ransomware, we often think of phishing and of the human element.
But there’s a very large segment of ransomware that’s directly tied to Common Vulnerabilities and Exposures (CVEs). Abusing vulnerabilities in the environment, moving laterally and harvesting have all made the attacks more targeted. This means that ransomware now attacks your critical infrastructure and the areas that actually run your business.
The point, therefore, is clear: just by reducing the vulnerabilities in your environment, you can reduce risk significantly. Basics like Vulnerability Assessment and Security Hardening can help you achieve this in a major way.
When it comes to Vulnerability Management, Markus noted the following as the key fundamental steps all organisations must take:
- Knowing where all your critical assets and information reside.
- Bringing your teams together (IT infrastructure, DevOps, DevSecOps). They have to be able to speak the same language, look at the same data and understand the same results.
- Preparedness: Good Vulnerability Management Hygiene.
- Configuration Drift: Knowing how your configuration changes over time.
- Prioritising risks and using the data to understand risk-based prioritisation.
The Runecast keynote address led by Markus was the perfect example of how interactive and lively the sessions at Wisdom of Crowds events are. Not only did he keep the focus of the discussion on insights that the audience really wanted, but his address was also followed by a lively exchange amongst the attendees. They asked questions, challenged the presenter, offered their real-world perspectives and engaged meaningfully for much better outcomes for all.
This is the hallmark of our Wisdom of Crowds events. Each event brings out a wealth of shared knowledge and collaborative thought leadership amongst the cybersecurity community. The events attract a niche audience of top InfoSec professionals who enrich the sessions with their own inputs and insights.
There is room for unparalleled interaction and engagement as well as group sessions and activities that allow participants to work closely with their peers from different organisations. Fresh perspectives, unmatched collaboration and the chance to network with peers and other influential cybersecurity leaders are what make our Wisdom of Crowds events unique.
Find out more about becoming a delegate and/or sponsor at the Wisdom of Crowds events.