
macOS Security Update: Cybersecurity implications are all too apparent

Even after you have considered the risk trade-offs and tested and patched the latest critical vulnerability, the work is not done.

Photo by Samsung Memory on Unsplash

The recent critical security update for macOS Monterey, which addresses arbitrary code execution vulnerabilities, has caused a stir over computer system vulnerability. Both issues (CVE-2022-32894 and CVE-2022-32893) were zero-days that had already been exploited.

Staying on top of patches is hard, especially for larger enterprises. However, time is of the essence. Without the appropriate updates in place, most organizations are in the unfortunate position of giving potential adversaries ample time to attack.

Russ Miller, CTO of OPSWAT MetaAccess, a firm that works with critical infrastructure protection (CIP) cybersecurity solutions, has set out for Digital Journal his top 5 patch management challenges that organizations should know.

These challenges are:

There are a variety of systems and applications

Every organization now has a mixture of operating systems and 3rd-party applications. Likely, this means macOS, Windows, Linux and more, as well as apps from hundreds of different vendors.

Hybrid workers with systems that are only occasionally connected to a domain

It is hard enough to stay on top of devices you directly manage, but it is more challenging and maybe even more critical to ensure bring your own device (BYOD) or contractor devices are patched before accessing your organization’s resources.

Even urgent critical security patches need some amount of testing

In addition, caution is required when rolling patches out to ensure they do not impact availability. Doing this requires process and automation that supports incrementally releasing a patch to larger groups of devices.

On-going visibility and monitoring of vulnerable systems are a must

Even after you have considered the risk trade-offs and tested and patched the latest critical vulnerability, the work is not done. It is still vital to monitor actively to ensure that a device that may not have been connected when you were reacting to the threat is patched when it connects back to resources. You need both visibility into any devices that are not patched, and ongoing protection from a vulnerable device.

There is a shortage of security and IT staff

One common challenge for any size security or IT organization is too few resources for the day-to-day work, let alone the fire drills that each high-profile vulnerability triggers.

Miller concludes the assessment stating: “While looking to alleviate these challenges, organizations should look for solutions that can provide visibility into application vulnerabilities, operate on-premises or remote, can be gradually rolled out in the event of hidden risks, and allow them to enforce different policies for different groups of devices. Additionally, proactively communicating remediation steps to the end-users makes them more likely to patch their own devices sooner.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
