Palo Alto vulnerability highlights importance of technology management

Summary

US Cyber Command is warning companies to immediately implement a critical patch for a potentially devastating security vulnerability in a number of Palo Alto Network products. Affected products include its firewall and VPN application, in wider use since the onset of work from home in March. According to the alert, the vulnerability is related to the company’s Security Assertion Markup Language. If exploited under certain conditions, it could allow a hacker access to a corporate network with administrator-level access without requiring the administrator’s login information.

Report

Analysis

The rise of business disruption-type breaches that most commonly take the form of ransomware is driven by several factors. One such factor today is the increasingly complex threat environment created by the rapid acceleration of digital transformation and remote work. This is a perfect example of the serious risks facing corporate networks as a single vulnerability could lead to a global shutdown of operations if exploited successfully.

It also calls attention to the critical importance of cyber policies and processes that dictate how identified vulnerabilities like this get patched. Company A that has invested in the latest and greatest technology is no safer than Company B with inferior technology if Company A does not properly manage the technology, including strong patching cadences. This is why Cyberhedge data indicates that the difference between good and bad cyber governance stems not from the technology a company has but the management of the technology.

This is an inconvenient truth for a cybersecurity industry that thrives on the notion that buying more product is equal to stronger security. But the facts contradict this idea, as 53% of attacks occur undetected and 80% of tools are underused at default settings. Management—including policies and processes tied to patching critical vulnerabilities—is a difference maker, especially in this era of remote work.

Close

Instantly download research in our library and be the first to get access to new content

Denis Bolshakov

Log out

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website