Learning from NotPetya

Vulnerability prioritization tools allow defenders to proactively patch (CYR3CON screenshot).
  • A fast-moving cyber attack may not afford any reaction time — making prevention (as opposed to remediation) the most cost-effective option
  • Attackers know defenders are overwhelmed with software vulnerabilities — which is why they continue to successfully employ known (but un-patched) vulnerabilities in attacks
  • Existing malware and exploits available to attackers is known — and this information can be leveraged to make better preventative decisions
  • If an enterprise improperly assesses cyber risk, they become more vulnerable to a rare but extremely expensive attack like #NotPetya

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store