Brian Sims
Editor
THE NATIONAL Cyber Security Centre (NCSC) and its international partners including agencies in the US, Australia, Canada and New Zealand have published a joint advisory for public and private sector organisations alike on the 15 most commonly exploited cyber vulnerabilities in 2021.
The advisory highlights the fact that malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities across the public and private sectors worldwide. Threat actors often geared their efforts towards targeting Internet-facing systems, such as e-mail and Virtual Private Network servers. The advisory also indicates that, to a lesser extent, actors continue to exploit publicly known – and often dated – vulnerabilities, some of which were routinely exploited in 2020 or earlier.
Further, the advisory directs organisations to follow specific mitigation advice in order to protect against exploitation. That advice includes applying timely patches, using a centralised patch management system and replacing any software that’s no longer supported by the vendor.
Lindy Cameron, CEO at the NCSC, explained: “The NCSC and its allies are committed to raising awareness of vulnerabilities and presenting actionable solutions to mitigate them. This advisory places the power in the hands of network defenders to fix the most common cyber weaknesses in the public and private sector ecosystem. Working with our international partners, we will continue to raise awareness of the threats posed by those who seek to harm us.”
Additional guidance for organisations on how to protect themselves in cyber space can be found on the NCSC’s website. The organisation’s ‘Ten Steps to Cyber Security’ collection provides a summary of advice for security and technical professionals.
In order to mitigate vulnerabilities, organisations should review NCSC guidance on an effective vulnerability management process, while the NCSC’s Early Warning Service also provides vulnerability and open port alerts for subscribed organisations.
*The NCSC’s advisory is available to read in full on the Cybersecurity and Infrastructure Security Agency’s (CISA) website.