We are at a point in time when cybercriminals including ransomware gangs have established themselves as organized, illicit businesses rather than a one-person hacking operation. More and more ransomware groups have emerged and existing ones continue to prosper in terms of repeatedly attaining success with breaching prominent organizations.
The increased success of ransomware gangs, extortion groups, and DDoS attackers is by no means accidental. Behind a fancy group name is an organized structure comprising threat actors at different layers working in synchrony to fulfill the end goal, with each getting their cut.
CISOs preach the need to get security fundamentals right, yet many still struggle to build a rock-solid vulnerability management program.
They can be stymied by the volume of vulnerabilities that need attention, or the pace required to address them, or the resources required to be effective.
Consider, for instance, the challenges that security teams had in addressing the Log4j vulnerabilities. A recent survey from (ISC)², a nonprofit association of certified cybersecurity professionals, found that 52% of respondents spent weeks or more than a month remediating Log4j.