Security Risks Associated with End of Service Life

Security Risks Associated with End of Service Life

Who does this affect?

EOSL (End of Service Life) impacts everyone, but small businesses are the primary targets of cyber-attacks.  Why?  Small businesses normally lack hardened processes to ensure systems are patched, thus making them more vulnerable. About 80% of small and medium businesses don’t employ good patching practices. 

What happens when you ignore updates?

When software and hardware providers retire versions (eg. Microsoft Windows Sever 2008 and 2008R2, SQL Server 2008R2, Windows 7), they are no longer supplied the proper updates to match the innovation of hackers. This becomes a cyber security issue because it opens your business to the possibility of:

  • Temporary or permanent loss of sensitive or proprietary information

  • Disruption to operations/downtime

  • Financial losses incurred to restore systems and files

  • Inability to transact business

  • Supply chain and manufacturing stalls

  • Harm to an organization’s reputation

What can you do to protect yourself?

A business must take immediate action to plan and architect a strategy.  The risk one runs if ignored can cripple your business.  Some considerations that may assist with this process:

·        Identify OS versions with a Network Detective Scan

·        Advisory on planning to mitigate risk

·        Schedule upgrades to minimize downtime

·        Maintain thorough life-cycle management

ZAG is ready to assist.

Google, Now Windows 7 – Two Zero Day Exploits in One Week

Google, Now Windows 7 – Two Zero Day Exploits in One Week

Following the discovery of vulnerabilities in Google Chrome, Security Lead and Engineering Director, Justin Schuh, urged Chrome users to update to the newest version “like right this minute.” This update prevents hackers from taking advantage ofserious vulnerabilities that allow them to execute malicious code. While Google has not released the information detailing the bugs and links, historically speaking, most zero day exploits have resulted in exposing sensitive data and financial losses. 

In the same week, Google’s Security Blog released a blog post pointing out Windows 7’s vulnerabilities that “can still be used to elevate privileges or combined with another browser vulnerability to evade security sandboxes.”*

What can you do to protect yourself?

Take immediate action and update Chrome on all your systems – MAC, Linux, Windows if it is not automatically updated.  If you are still using Windows 7, update to a newer version immediately. 

Our Managed Security Assurance clients appreciate our approach to managing all laptops, workstations and servers.  Our monitoring & management platforms apply patches as soon as systems connect to the internet.

Be mindful it only takes one to infect the entire company.

*Source: Google Security Blog

 

 

The Problem With Sleeping

The Problem With Sleeping

Laptop advancements have been significant over the years. They are the productivity tool of today. A simple example of this is how we can put a laptop to sleep by simply closing the cover. Users quickly get back to work simply by reopening the cover. We continue working as if we never left.

While this is great for productivity, it has a significant negative impact on security. Laptops are being rebooted much less frequently than ever before. In fact, people often don’t remember when they last did a full reboot.

In many cases, a system isn’t protected by the patch until a full reboot is performed.

Because of this, ZAG has moved to standardize reboot enforcement to ensure patches are completely installed. We do this in a user-friendly manner by giving the user ample opportunity to reboot. Without forced reboots, an environment can never be considered secure.

ZAG encourages everyone to review their patching methodology and ensure that systems are truly patched. If you do anything short of this, you are susceptible and vulnerable to a potential attack. IT must manage your environment actively to ensure the company is protected.