Cybercrime , Endpoint Security , Fraud Management & Cybercrime

N-Day Vulnerabilities: The Critical Importance of Patching

Accenture's Roya Gordon on Making Better Use of Threat Intelligence
Roya Gordon, cyberthreat intelligence manager, Accenture

Roya Gordon of Accenture describes how rather than hunting for zero-day vulnerabilities, attackers are exploiting N-Day - or known - vulnerabilities. They often wait anywhere from two to 10 years after the patch has been released, knowing that in most cases the customer will not have implemented the patch, she says. She also discusses how to better synthesize and act on threat intelligence.

See Also: OnDemand | CybeRx - How to Automatically Protect Rockwell OT Customers from Today’s Cyber-Attacks

Gordon recommends that security teams use the tools that the threat actors are using, such as port scanners and pen testing kits, "and then address those weak points by patching and securing those ports before the threat actors can exploit them."

In a video interview with Information Security Media Group, she also discusses:

  • How criminals are exploiting N-Day vulnerabilities;
  • How to acquire a better understanding of which patches to prioritize;
  • How CISOs can better synthesize threat intelligence and act on it quickly.

As a cyberthreat intelligence subject matter expert at Accenture, Gordon focuses on cyber-adversary attack methodologies, malware targeting U.S. critical infrastructure, ransomware resilience, and ICS vulnerabilities. She has worked with academia, industry, national laboratories, and government agencies on various CTI initiatives. Prior to Accenture, Gordon worked at the Idaho National Laboratory, conducting cyberthreat analysis and assessments for the U.S. energy infrastructure. She also served six years in the United States Navy as a threat intelligence specialist.

About the Author

Anna Delaney

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.