Microsoft Exchange Vulnerability Creates a Call to Action for Business Leaders
On March 2, 2021, a serious security vulnerability within Microsoft Exchange Servers (email) was announced. This potentially impacts hundreds of thousands of organizations. If your organization uses Microsoft for email, there is a chance you could be impacted.
To properly address this wide-spread threat, be sure to ask your IT leaders the following:
- Do we use Microsoft Exchange on-premise?
- If you use Microsoft Online (Office 365), this is not impacted
- If so, have we scanned our Exchange log files for indicators of compromise (IOCs) associated with the vulnerabilities disclosed on March 2, 2021?
- Resources: Here are consolidated resources via the U.S. Cybersecurity & Infrastructure Security Agency, along with technical details from Microsoft and a timeline of events by investigative journalist Brian Krebs.
The Microsoft Exchange vulnerability has now been exploited by attackers at over 30,000 organizations (and growing). In conjunction with the recent SolarWinds vulnerability, these are stark reminders of our connectedness.
Decision Makers and IT Teams Must Connect to Prioritize Security Initatives
Unfortunately for many organizations, the connection between IT and c-suite leaders is not always a clear path. Leaders may feel as though their IT team is speaking another language and put a tremendous amount of trust in their knowledge and abilities. As cyber attackers continue to exploit vendor supply chains in pursuit of scalable ransom paydays, corporate leadership must support IT teams. With attacks lurking so close to home, organizations can no longer afford to bury their head in the proverbial sand.
IT teams can and should do far more than simply keep the lights on for an organization. Maintaining critical infrastructure is important, but making sure IT is prepared to handle the zero-day vulnerabilities to come is imperative. The vulnerability that affects the major corporations in the headlines could be the same vulnerability that affects your email servers. By that same token, the solution that can thwart a big breach is the same solution that can keep your organization safe, too.
When connected, decision makers and IT teams work more effectively to combat the “cause-and-effect” nature of cybersecurity as a whole. Prioritizing their security initiatives allows big breaches to be managed. Asking the questions that address these big breaches allow IT to implement the effective (and often simple) solutions.
To protect your organization, and the ones it connects to, leadership can support IT teams in implementing the following:
- Managing external exposure to make sure that attackers cannot infiltrate private networks from the public internet
- Implementing strong email gateways to protect users from malicious emails
- Creating an internal process for responding to a cybersecurity event — identify clear roles, responsibilities, and levels of decision-making authority.
- Using Endpoint Detection & Response (EDR) tools to stay vigilant against new threats, going beyond just “keeping the lights on”
- Understanding your cyber liability insurance, and how it responds and coordinates with your incident response plan, clearly and fully
Cyber insurance carriers are ready and willing to respond to this vulnerability, just as they have for so many incidents before. Insurance policies have clear and specific reporting requirements — and untimely reporting is one of the major reasons for denial of claims. Waiting to access the vendors and resources your cyber insurance policy affords may be the biggest mistake of all.
Today is the day to ask these timely questions of IT and avoid the next catastrophic zero-day vulnerability. Cooperation between IT and leadership may be the partnership to protect your company’s productivity and bottom line.