You've spent time and money configuring your enterprise security software and have assured your stakeholders that this investment will help keep your data safe. What happens when the software that is supposed to protect your data winds up exposing it instead? This nightmare scenario is a reality for many businesses, possibly yours. Several versions of Symantec antivirus software were recently found to have multiple critical vulnerabilities that can expose all of your sensitive information to unknown third parties.

These vulnerabilities are so dangerous that they do not require user interaction. In other words, your users do not have to click a link or open an email. The vulnerabilities affect the default configurations of the software and threaten your enterprise by exposing the software's proactive efforts to scan unknown files and filter them for threats. Therefore, just an unopened email sent to a victim is enough to trigger network penetration.

What can you do about it?

Symantec has released a patch for all of the products affected by the vulnerability. Your first response should be to download and install the vendor patch. The patch is available on the Symantec website.

 

Symantec is not the first or only vendor to have vulnerabilities. Cybersecurity companies such as McAfee, Trend Micro, Comodo, ESET and Kaspersky have had similar issues, which continue to arise with the everyday development of technology. The key to addressing these and other vulnerabilities is to develop a comprehensive cybersecurity program that will allow you to address the specific needs of your organization and provide assurance for your stakeholders.

 

Getting started
A wise sage once said, "If you don't know where you are, a map does you no good." To begin to understand where you are, ask yourself the following questions:
•    Do we have a cybersecurity program?
•    Does it cover all the pertinent risks for our business?
•    Are we truly managing risk?
•    Do we have adequate resources?
•    Are we training, testing and monitoring?
•    Do we have a response strategy and plan?

 

If you don't know the answers to these and other questions about your current state of cybersecurity, UHY Advisors can help by providing your organization with a cybersecurity program assessment. Using the National Institute of Standards and Technology (NIST) framework, we will examine your current program and provide you with meaningful information on your current and recommended state for 16 key elements of an effective cybersecurity program. We will also provide meaningful and focused recommendations specific to your organization. Please contact your local UHY professional or visit us online at www.uhy-us.com.

 

By David King, CISA, QSA