IT security professionals have admitted that a third of cybersecurity breaches are the result of vulnerabilities that they should have patched.
Software vendors are constantly publishing new patches to fix problems in software that they have sold. It's then up to the users of the software to apply the patches or else risk leaving themselves open to attack via the backdoors that the vendors failed to spot when initially building the product.
But the sheer volume of patches, with many vendors publishing new fixes on a monthly basis, and the need to test those patches to ensure that they don't cause other unexpected problems, means that there's often a delay in getting systems secured. That leaves a gap that hackers can exploit.
A study by Tripwire revealed that many organizations could be doing more to manage their vulnerabilities.
Supporting this conclusion, 27 per cent of survey participants said their employer had suffered a data breach as the result of an unpatched vulnerability. The rate was even higher for European organizations at 34 per cent.
Tim Erlin, vice president of product management and strategy at Tripwire, said this lack of asset discovery capabilities is a problem because it limits the overall effectiveness of an enterprise vulnerability management program:
Erlin further explained: “How you assess your environment for vulnerabilities is important if you want to effectively reduce your risk. If you are not doing authenticated vulnerability scans, or not using an agent, then you are only giving yourself a partial picture of the vulnerability risk in your environment.”
TrendMicro Midyear Cybersecurity Assessment
The first six months of 2019 saw organisations dealing with a broad range of incoming threats and, more urgently, tackling threats that had already gained a foothold in their systems, according to the midyear trend assessment carried out by TrendMicro.read more
DOS And DDOS - What's The difference
Online knowledge base Wikipedia suffered an outage at the weekend following a Distributed Denial Of Service (DDOS) attack. The company released a statement: "Wikipedia was hit with a malicious attack that has taken it offline in several countries for intermittent periods. The attack is ongoing and our Site Reliability Engineering team is working hard to stop it and restore access to the site."read more
Hackers Targeting Office 365 A Growing Threat
The UK's National Cyber Security Centre has published its incident trends report for October 2018 and April 2019 and it is not good news for Office 365 users. The report states that cloud services, and Office 365 in particular, have become the primary target observed in recent months.read more
New Canon Survey Reveals Critical Gaps in Companies' Cybersecurity Agendas
While digital transformation helps companies work smarter, there is a risk that the ongoing digitization may unlock a host of security vulnerabilities that can cost companies money, time, intellectual property, and customer trust. In its latest Office of the Future survey, released today by Canon USA.read more