Kaspersky software ban: CISOs must move fast, experts say

What CISOs need to do now

Kaspersky claims 270,000 corporate customers, although that figure covers its customers worldwide. While many of its former customers have already moved on to other security products, those in the US still using its software need to make plans now. “Don’t wait until October, it’s the last minute to change because then it’s a business continuity issue. Now is the time to assess your risks and find out which parts of your infrastructure may be vulnerable or need to be replaced,” said Schaffer.

Tim Crawford, founder of the research and advisory firm Avoa, also argues for immediate action. “You have to go fast, don’t wait or take the opportunity to get close to that October deadline, because those programs that are not updated will be completely vulnerable, and hackers are waiting for you,” he told CSO.

Part of the problem goes back to how deeply embedded anti-malware products are within the OS and network infrastructure. “There is a lot of time and effort involved in changing these types of products,” said Matthew Rosenquist, CISO at Mercury Risk and Compliance. “Finding the APIs that are affected, what telemetry is being sent and compatibility with other security tools, such as SIEM and other managed threat feeds, all of this will take time to properly test.”

