Cybersecurity

Microsoft issued emergency security patches for multiple versions of Exchange Server on March 2, 2021. The updates addressed a series of zero-day exploits that compromised hundreds of thousands of on-premises Exchange Servers worldwide. Known collectively as ProxyLogon, the advanced persistent threats (APTs) allow an attacker to open a “backdoor” in Exchange Server that can be accessed from the Internet.

Managed services providers (MSPs) use a variety of tools to monitor their customers’ systems and networks and protect against cyberattacks. If the MSP doesn’t follow best practices, however, they can actually introduce threats into their customers’ environments.

Cybersecurity may seem like a cat-and-mouse game, but the odds heavily favor the mouse. The cat must defend against all types of attack and quickly identify any potential security weaknesses. The mouse only has to find one vulnerability in order to elude the cat.

A network vulnerability assessment is the initial phase of any cybersecurity strategy. In the National Institute of Standards and Technology (NIST) Cybersecurity Framework, vulnerability assessments fall under the “identify” phase. They are designed to help organizations identify any gaps in their security posture and prioritize the activities needed to close those gaps. Because cyber threats are continually evolving, organizations should regularly review their IT environment in order to understand their risk exposure.