Joint Cyber Program UK | US and Australia Press Release
On 28th July 2021 Washington, D.C. releases a press confirmation stating the new joint cyber advisory between the giants “ACSC” (Australian Cyber Security Centre), “NCSC” (United Kingdom’s National Cybersecurity center), “FBI” (Federal Bureau of Investigation), “CISA” ( Cybersecurity and Infrastructure Security Agency) highlighting the common vulnerability and exposures exploited by cybercriminals in 2020 and vulnerabilities mostly exploited in many sectors globally. Cybercriminals continue to exploit publicly known software vulnerabilities against broad target sets, including public and private sector organizations Globally. It’s recommended that organizations should apply the available patches for the most common vulnerabilities listed in the joint cybersecurity advisory and implement a centralized patch management program.
One of the main findings is that ‘4’ of the most targeted vulnerabilities in 2020 involved remote work, VPNs, or cloud-based technology. Many VPNs gateway devices remain unpatched till now, with the growth of remote work options due to the pandemic challenging the ability of organizations to conduct rigorous patch management systems. In 2021, malicious cybercriminals continued to target vulnerabilities in devices. This advisory lists the vendors, products, and common vulnerabilities and exposures associated with these vulnerabilities, which organizations should urgently patch.
In the cybersecurity domain, getting into the basics right is most important. Organizations that imply the best practices of cybersecurity, such as patching, can reduce the risk to cybercriminals exploiting the known vulnerabilities in the networks,” given by Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “Collaboration is a very important part of CISA’s work and today we partnered with the ACSC, NCSC, and FBI for highlighting cyber vulnerabilities that public and private organizations should prioritize for patching to lower risk of being exploited by malicious criminals.
The press stated that they are committed to working together and closely with the allies to raise the awareness of global cyber threats —and present actionable solutions to mitigate them,” said NCSC Director of Operations Paul Chichester. “The advisory published yesterday puts the power in every organization’s hand to restore the most common vulnerabilities, such as unpatched VPN gateway devices. Working closely with our global partners, we will continue to raise awareness of the threats posed by those that seek to cause damage.”
The best practice to mitigate many vulnerabilities is to update software once patches are available and as soon as is practicable. Focusing on cyber defense resources on patching those vulnerabilities that malicious cybercriminals most often use should be ingrained in every organization’s culture. This approach offers the potential of bolstering network security and impeding the disruptive, destructive operations of our adversaries.