Patch Management Failures Accelerate Cybercrime
Patch management, which should be the top of any CIO/CSO’s security priority and can prevent network hacks, malware infections and even simple human error, is an area often overlooked by businesses. Inevitably, failures in patch management of vulnerable systems are leading to top-notch cybercrime, according to a new Global Threat Intelligence Report, which also states botnet attacks as the biggest single threat in the cyber world.
The report prepared by managed security services provider, Solutionary (now part of NTT), analyzed about 300 million events in the past one decade and gathered customers’ networks gathered through 139,000 network devices, such as intrusion-detections systems, firewall and routers and came to this conclusion.
Nearly 50% of the exploitable vulnerabilities identified have been publicly known for at least two years, yet they remain open for an attacker to find and exploit, said the report. This indicates that many organizations today are unaware, lack the capability, or don’t perceive the importance of addressing these vulnerabilities in a timely manner.
“There’s kind of a throw it over the wall’ mentality,” said Don Gray, chief security strategist at Solutionary in the report, noting vulnerability-assessment information wasn’t being acted upon effectively in organizations, despite the growing awareness on cyber security. moreover, the report notes that effective log monitoring remains a challenge.
“Enterprises are required to provide details about the devices, platforms, applications and databases they have when asking for log monitoring. But during and after this “discovery process,” about half of organizations realize there are IT assets they didn’t even know about. In addition, one third of the organizations have some of this IT infrastructure configured “in a manner that does not provide the security information required to meet their needs,” said the report.
Incident response was another challenge as the report reveals that 77% of the organizations involved had no incident response teams or procedures in place to respond effectively to a significant cyber incident, the report says. The remaining 23% has some incident response planning available, but “very few were mature or well-managed.”
In terms of types of attacks faced by organizations, botnet activity aimed against the organization was the largest type, constituting 34% of all attacks, followed by denial-of-service attacks, application-specific attacks, service-specific attacks and “network manipulation,” such as DNS attacks.
The report notes that while patch management takes a lot of time to set up, and is not cheap, it is well worth the investment up front. However, it has warned that CIOs and security officers should look into the various software tools that help organize a patch management process and select vendors carefully that offer these tools.
- HR Managers See CRM As An Effective Business Tool
- Even Minor Glitches And Breaches Can Kill Brands
- Myriad Possibilities Of The Application Economy
- Third Party Digital Cos Will Generate Over $31 Bn This Year
- Blockchain, Distributed Ledgers Will Take Time To Mature: Gartner
- NetApp Appoints Senior Execs To Strengthen India Business
- Hybrid Cloud Deployment Leads To Massive Cost Savings: Study
- This Malware Can Hit Hundreds Of Banks, Warn Researchers
- AI, Digital Currency To Bring Disruption In 2017: Study
- Weekly Rewind: Top 10 Stories On CXOToday (Aug 7-12)