How to Keep on Top of Emerging Cyber Threats

Every single day around 60 new vulnerabilities are discovered in software used throughout the world. Not all are serious but just one can be enough to cause a breach – so not patching these can lead to disaster. This was the case with EternalBlue, an exploit for a vulnerability in Microsoft Windows SMB (file and printer sharing). Even though a patch was made available a month before the exploit was made public, not all organisations applied it quickly enough. This led to the infamous WannaCry ransomware attack, and many others. WannaCry infiltrated systems in 150 countries, knocking hospitals across the UK offline as well as hitting Government systems and railway networks.

With a 2021 report finding 5,250 confirmed data breaches across the world, and with the median financial impact of a breach reaching $21,659, it is vital that you have within your cybersecurity armoury in-depth knowledge and the ability to continuously monitor for new emerging risks and security threats. But with so much noise out there, how do you do that? Don’t worry, help is here with our extensive list of sources and solutions to keep you on track...

News and blogs

Cybersecurity journalists and bloggers dedicate their working lives to helping people become more informed and better protected against cyber threats which is why they are a great place for insight. Try:

1. The Register (search terms: cybersecurity, netsec, sysadmin)

2. Threat Post

3. SC Magazine (in particular, its Vulnerabilities section)

4. Dark Reading

5. The Hacker News

6. GBHackers on Security

7. Security Magazine

8. Security Affairs

9. Security Intelligence

Social Media

The mainstream media may have become dramatically quicker in reporting news but it will never beat the speed of social media. Within seconds of something being identified, it can be reported on social media, but unlike mainstream news, the information won’t always be verified before publication and could be incorrect. This could lead to panic within your team or at the very least wasted time. And with millions of social media profiles to follow, which feeds can you trust?

On Twitter, we recommend:

10. The profiles of the media titles above

11. Content tagged by #infosec, #cybersecurity, #netsec, #sysadmin. By doing this, you’ll see news as it breaks and identify new experts to follow.

On Reddit try the following subreddits:

12. r/cybersecurity, r/netsec, r/sysadmin. If you’re familiar with IFTTT, you can use it to send you notifications when something gains popularity on the feed so that you’re only monitoring the posts worth your time.

Vulnerability and Risk Advisory Feeds

This list wouldn’t be complete without risk advisory feeds, of which there are many:

13. SANS, one of the most trusted sources for cybersecurity training and research produces several newsletters

14. Cybersecurity and Infrastructure Security Agency for the US

15. The European Union CERT (CERT-EU)

16. Open CVE

17. CVE

18. The Computer Emergency Readiness Team Coordination Center (CERT/CC)

19. National Vulnerability Database

20. SecList.org

Vulnerability scanning

Of course, it requires a great deal of time and commitment to monitor so many sources; more than most cybersecurity teams can spare. And when a new vulnerability has been exposed, how can you be certain that you even have it? Modern technical infrastructure is so complex, and changing constantly, so most companies rely on a vulnerability scanner to inspect their systems for potential weaknesses.  

It is common for scans to take place as infrequently as quarterly. In this instance, critical vulnerabilities could be identified far too late, making the exercise of scanning almost redundant. We recommend using a vulnerability scanner on your external facing infrastructure once a month at least but as new vulnerabilities are discovered every day, some organisations may need weekly or even daily scans.

Proactive vulnerability scanning

With Intruder, you're able to find your weaknesses before the hackers do by running proactive vulnerability scans of your systems. Providing 24/7 monitoring, Intruder automatically scans users’ systems when new vulnerabilities are released, and notifies your team about newly discovered threats via Slack, email or Microsoft Teams.

Thanks to this unique approach, in January 2020, when a public exploit code was released that could be used to exploit the weakness of one of our clients, a leading law firm, we scanned the organisation’s systems on the same day, discovered a vulnerable system, and notified them of the issue with recommended remediation advice. This gave the client a head start with prioritising a fix for this serious weakness, allowing them the time they needed to put mitigations in place as soon as possible.

Whereas traditional vulnerability scanners are complicated to use, require in-house expertise, and significant time investment, Intruder was designed so that even small IT teams can achieve best-in-class cyber protection. It explains the real risks and provides remediation advice in easy-to-understand language, and it can integrate with AWS, GCP, Azure, JIRA or extend to 2,000+ other apps with Zapier.

Summary

While there is no way of ensuring your organisation is completely protected from a cyber breach, there are plenty of sources – from news to forums – to keep you on top of the biggest cyber threats to your business. But if your team doesn’t have the time needed to read every alert, then having a paid solution that will find your weaknesses before the hackers do, is your best bet.

‍