Getting your Trinity Audio player ready...
|
The malicious actor sometimes can exploit vulnerabilities in commonly used technology and software, posing challenges for cybersecurity in any sector and industry. However, organisations can significantly reduce the risk of exploitation by staying vigilant and implementing robust security measures.
One of the critical challenges in cybersecurity is the constant evolution of cyber threats. Malicious actors constantly seek vulnerabilities in software and technology to exploit. These vulnerabilities can exist in any sector or industry, making it crucial for organisations to remain proactive in their cybersecurity efforts.
Collaboration and information sharing among organisations and cybersecurity agencies are crucial in combating cyber threats. By sharing threat intelligence and best practices, the cybersecurity community can work together to identify and mitigate potential threats more effectively.
The National Cyber Security Centre (NCSC) and Computer Emergency Response Team New Zealand (CERT NZ) in collaboration with international partners, have issued a cybersecurity advisory regarding vulnerabilities in one of the global software companies’ Connect Secure and Policy Secure gateways. While these vulnerabilities (CVE-2023-46805, CVE-2024-21887, CVE-2024-22024, and CVE-2024-21893) pose potential risks, the advisory aims to empower organisations to enhance their cybersecurity posture proactively.
Authored by CISA, the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing & Analysis Centre (MS-ISAC), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the Canadian Centre for Cyber Security (Cyber Centre), the advisory provides insights into the observed tactics of cyber threat actors and indicators of compromise to help organisations detect and mitigate potential threats.
Organisations are advised to be vigilant and assume a threat actor could attempt to exploit these vulnerabilities. Organisations can effectively manage these risks and protect their networks by exercising caution and making informed risk decisions.
Rob Pope, Director of CERT NZ, highlighted the importance of staying informed about vulnerabilities and recommended that those in the IT sector sign up for updates from their country’s cyber security agencies. This proactive approach can help organisations stay ahead of potential threats.
To assist organisations in understanding the potential impact of these vulnerabilities, the advisory includes critical findings from tests conducted by CISA from an attacker’s perspective. Additionally, the NCSC-NZ and its partners recommend that software manufacturers incorporate secure-by-design and -default principles into their development practices to reduce the prevalence of vulnerabilities and insecure configurations.
All organisations are encouraged to review the advisory and implement the recommended actions and mitigations, including applying patches and updates provided by that global software company. By taking these proactive measures, organisations can enhance their cybersecurity resilience and mitigate the risk of exploitation.
Until March 2024, New Zealand alone has been proactively taking preventive measures to tackle the cybersecurity of malicious actors. Based on the previous report by OpenGov Asia, New Zealand’s National Cyber Security Centre (NCSC) has collaborated with the Computer Emergency Response Team New Zealand (CERT NZ), along with the support of the United States’ Cybersecurity and Infrastructure Security Agency (CISA) and 15 other prominent global cybersecurity agencies, marks an advancement in cybersecurity. The joint product, aptly named “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software,” is a testament to these organisations’ dedication and collective expertise.
The original product, “Shifting the Balance of Cybersecurity Risk: Secure-By-Design and -Default Principles,” underscored the importance of adopting secure-by-design and secure-by-default practices in software development. It encouraged software manufacturers to prioritise these practices, expecting customer organisations to hold them accountable. This product effectively served as a cybersecurity roadmap for technology manufacturers and their products.
In an era where technology evolves rapidly, digital systems deeply intertwine with daily human life, ensuring software security is paramount. Cyber threats are persistent, but proactive measures and international collaboration can significantly reduce vulnerabilities and mitigate risks. By staying informed and implementing best practices, organisations can safeguard their networks and mitigate the potential impact of cyber-attacks.