Importance of Vulnerability Management in the Fight Against Ransomware

Runecast was one of the keynote speakers at our recent Wisdom of the Crowds event in London. The keynote focused on how getting your foundation right and concentrating on the basics of vulnerability management can help in the fight against ransomware.

Cyber Management Alliance recently concluded one of its most successful Wisdom of Crowds events in London. The main theme of the event was ‘Largest Cyber Attack Exercise’ and the event was well attended by leading UK InfoSec professionals. We also had keynote addresses from leading cyber security companies including Runecast, Semperis and Dope.Security.

The Runecast keynote was delivered by Marcus Strauss, CPO of Runecast Solutions. Runecast started about 8 years ago as an IT operations management company. Over the years, Runecast has evolved beyond security best practices, adding security hardening guidelines and moving into vulnerability assessment, compliance assessment, etc.

Marcus’ keynote was titled “Back to Basics – The Importance of Vulnerability Management in the Fight Against Ransomware.” He talked about how “going back to basics” can help in the fight against this massive scourge in the cyber security industry today.

In typical Wisdom of Crowds style, Marcus moved away from offering Runecast solutions as such and his main theme focused more on educating the participants.

Vulnerability management basics, as summarized by Marcus, include:

  1. Know what and where your key assets are.
  2. Understand the level of vulnerability in your environment.
  3. Understand your endpoints, data center environments, and infrastructure.
  4. Assess your risk appetite.

Marcus moved on to a brief discussion about ransomware and how it is rearing its ugly head all over the world. When we think of ransomware, we often think of phishing and the human element.

But there is a very large segment of ransomware that is directly connected to Common Vulnerabilities and Exposures (CVE). Exploiting vulnerabilities in the environment, moving laterally and harvesting have made the attacks more targeted. This means that ransomware is now attacking your critical infrastructure and the areas that actually run your business.

Therefore, the point becomes clear: only by reducing the vulnerability in your environment can you significantly reduce the risk. Basics like vulnerability assessment and security hardening can help you achieve this significantly.

When it comes to vulnerability management, Marcus listed the following as the main basic steps that all organizations must take:

  1. Know where all your critical assets and information are.
  2. A meeting between your teams – IT infrastructure, DevOps, DevSecOps. They need to be able to speak the same language, look at the same data and understand the same results.
  3. Preparedness: Good vulnerability management hygiene.
  4. Configuration Drift: Knowing how your configuration changes over time.
  5. Prioritizing risks and using data to understand risk-based prioritization.

The Runecast keynote led by Marcus was the perfect example of how interactive and lively the sessions at Wisdom of Crowds events are. Not only did he keep the focus of the discussion on insights that the audience really wanted, his speech was followed by lively exchanges among those present. They asked questions, challenged the presenter, offered their real perspectives and engaged meaningfully for much better outcomes for everyone.

This is the hallmark of our Wisdom of the Crowds events. Each event brings forth a wealth of shared knowledge and collaborative thought leadership among the cybersecurity community. The events attract a niche audience of leading InfoSec professionals who enrich the sessions with their own input and insights.

There is room for unparalleled interaction and engagement, as well as group meetings and activities that allow participants to work closely with their colleagues from different organizations. Fresh perspectives, unparalleled collaboration, and the opportunity to network with peers and other influential cybersecurity leaders are what make our Wisdom of Crowds events unique.

For more information on becoming a representative and/or sponsor at Wisdom of Crowds events.
