Lesson 5
Do the work that makes a difference
Hopefully, this tutorial provided helpful guidance on how you can defend your organization from cyber threats.
Doing the basics isn’t hard, but it takes hard work. Tenable can help you make sure you’re implementing best practices and using your time efficiently, so you can show you’re doing all the right things to protect the business.
Lesson 4
Use multifactor authentication, not passwords
Think passwords are a necessary evil?
It’s time for a reset.
Chances are, your employees engage in risky behavior when it comes to passwords and authentication. To protect your company, ditch passwords for more effective alternatives. Use multifactor identification (think TouchID or FaceID) and manage account privileges based on what access is needed by whom.
Lesson 3
Fix high-risk vulnerabilities first
Most organizations have thousands, if not millions, of vulnerabilities on their cyberattack surface. Which should you tackle first? Educated guesses can leave the business exposed to unnecessary danger. Use a risk-based approach to get precise answers. Take advantage of machine learning capabilities, which can analyze vulnerability data at scale, correlating severity, threat actor activity and asset criticality – giving you the insights you need to deliver measurable results.
Lesson 2
Know your systems – and maintain them
So, if you typically have access to patches before attackers have access to exploits, what’s the problem? For starters, most organizations don't understand the extent of the systems they're using.
Your attack surface has changed – and keeps changing. You can’t protect what you can’t see, so it’s important to create a complete map of your attack surface. Knowing your systems – and where they’re exposed – takes time and effort. But, it’s absolutely essential.
Lesson 1
Get back to basics
More than 1/3 of breached organizations knew they had unpatched vulnerabilities and did nothing about it.
Source: 2018 Ponemon Institute Survey
37% of breached organizations admitted they don’t scan for vulnerabilities.
Source: 2018 Ponemon Institute Survey
Cyberattacks are successful because we ignore the basics – not because threat actors are overly sophisticated. Nation-state attacks and APTs are not the problem. Attackers typically go after the low-hanging fruit of a network instead of wasting a zero-day exploit. It's cheaper and less risky.
The truth is, most breaches are caused by known, unpatched vulnerabilities.
But, if you practice good cyber hygiene and risk-based vulnerability management, you’ll show a defensible standard of care – and minimize your chance of attack.
The companies that don’t do the basics are the ones that open themselves up to risk. In fact, of the thousands of vulnerabilities disclosed every year, only a fraction are exploitable. Moreover, less than ½ of 1% of vulnerabilities have exploit code available before patches are available. This means that fixing high-risk vulnerabilities is a very fixable problem.
Companies that don’t scan for vulnerabilities are 4x more likely to get breached.
Source: Gartner
[Figure: The attack surface, spanning IT, cloud and IoT. Labeled assets: server, network infrastructure, laptop & desktop, mobile device, cloud infrastructure, web application, container, industrial control system, enterprise IoT.]
Over 50% of breaches are the result of abuse of authentication and/or bad identity management practices.
Source: Tenable
By 2022, organizations that use the risk-based vulnerability management method will suffer 80% fewer breaches.
Source: A Guide to Choosing a Vulnerability Assessment Solution, Gartner, April 2019