May 27, 2020

New Federal Guidance Outlines Cyber Vulnerabilities

By Deborah A. Cmielewski, Esq.

The United States Department of Homeland Security Cybersecurity and Infrastructure Security Agency (“CISA”), the Federal Bureau of Investigation (“FBI”) and the broader United States government have issued joint guidance, AA20-133A, identifying the top cybersecurity vulnerabilities continuing to plague both private and public sector organizations (the “Guidance”). Through the Guidance, CISA, the FBI and the Federal government seek to reinforce the importance of patching known vulnerabilities on a regular basis and maintaining proper programs to address threats by sophisticated foreign cyber actors.

The Guidance details the top ten (10) most exploited vulnerabilities for 2016 through 2019 as well as the routinely exploited vulnerabilities for 2020. Included in the 2020 list are cyber threats associated with the rapid move to telework in light of the COVID-19 public health crisis, including (i) the increased targeting of unpatched Virtual Private Network vulnerabilities; (ii) poor security configurations related to cloud collaboration services, such as Microsoft Office 365, which left organizations vulnerable to attack; and (iii) structural weaknesses that lead to the increased risk of ransomware attacks. The Guidance highlighted training issues, lack of appropriate system recovery and the failure to maintain contingency plans as common weaknesses.

The Guidance also includes a number of mitigations for the 2016 through 2019 vulnerabilities as well as the vulnerabilities exploited thus far in 2020. In addition to technical information, the Guidance identifies the free scanning and testing services offered by CISA to assist organizations in their cyber vigilance.

With the prolonged reliance on remote communications in light of COVID-19, all organizations must be vigilant in continuing to monitor cyber threats; updating policies and procedures; and training staff to identify and address issues. Schenck Price is available to assist organizations in these important efforts.

For more information, contact Deborah A. Cmielewski, Esq. at dac@spsk.com or 973-540-7327.