Exploring reaction to the BCI's Continuity and Resilience Report

On 6th November 2018 the Business Continuity Institute issued a new survey-based report entitled ‘The Continuity & Resilience Report: Raising the impact of Business Continuity’. The report has received significant criticism from business continuity consultant and author David Lindstedt. In this article, Continuity Central’s editor, David Honour, examines David Lindstedt’s reaction to the report and offers an assessment of some of the points made.


Business continuity trends and challenges 2019

For the past five years Continuity Central has conducted an online survey asking BC professionals about their expectations for the year ahead. We are repeating the survey again this year.


Managing mission critical applications in 2019

2019 could see major changes in the way that organizations manage their mission critical applications. Jerry Melnick looks at developments that he expects to see in the areas of cloud, high availability, DevOps, IT operations analytics and artificial intelligence.


Ten cyber security predictions for 2019

It’s the time of year where we start looking ahead to the New Year and the possible changes that may occur in the threat landscape. In this article, Ian Kilpatrick makes ten predictions for changes that may occur in the cyber security environment.


Tenable, Inc., has published its latest Vulnerability Intelligence Report, which provides an overview of real-world current vulnerability trends and insights into how organizations assess and respond to new cyber risks. The research found that enterprises identify 870 unique vulnerabilities on their systems every day, on average. Of those, more than 100 vulnerabilities are rated as critical on the Common Vulnerability Scoring System (CVSS), an industry-standard measurement.

The Vulnerability Intelligence Report’s findings confirm that managing vulnerabilities is a challenge of scale, volume and velocity. The Tenable Research team analysed anonymised data from 900,000 vulnerability assessments across 2,100 enterprises. The team estimates that the industry is on track to disclose up to 19,000 new vulnerabilities in 2018, an increase of 27 percent over 2017. Yet in 2017, public exploits were available for seven percent of all vulnerabilities, meaning that 93 percent of all vulnerabilities posed only theoretical risk. For most vulnerabilities, a working exploit is never developed, and of those that do have one, an even smaller subset is actively weaponised by threat actors, making it difficult to understand which vulnerabilities to remediate first, if at all.

This lack of rigorous prioritisation means that organizations are struggling to assess and manage more vulnerabilities than ever and consequently, they are unable to make strategic technology decisions. For example, Adobe Flash will be unsupported from 2020 onward and is not commonly used in most enterprise environments. Yet Adobe Flash still lingers in enterprise environments and its vulnerabilities represent half of the 20 most prevalent application vulnerabilities in enterprise environments.

“When everything is urgent, triage fails. As an industry, we need to realise that effective reduction in cyber risk starts with effective prioritisation of issues,” said Tom Parsons, senior director of product management, Tenable. “To keep up with the current volume and velocity of new vulnerabilities, organizations need actionable insight into where their greatest exposures lie; otherwise, remediation is no more than a guessing game. This means organizations need to focus on vulnerabilities that are being actively exploited by threat actors rather than those that could only theoretically be used.”

To address this deluge of vulnerabilities, Tenable has launched ‘Predictive Prioritisation’, an innovation which will provide organizations with the capability to prioritise those vulnerabilities which pose the greatest actual risk to the business. With Predictive Prioritization, Tenable is combining a variety of data sources and threat intelligence with advanced data science algorithms to determine the probability of a vulnerability being leveraged by threat actors. Predictive Prioritisation will be generally available in 2019.