IT security professionals have admitted that a third of cybersecurity breaches are the result of vulnerabilities that they should have patched.
Software vendors are constantly publishing new patches to fix problems in software that they have sold. It's then up to the users of the software to apply the patches or else risk leaving themselves open to attack via the backdoors that the vendors failed to spot when initially building the product.
But the sheer volume of patches, with many vendors publishing new fixes on a monthly basis, and the need to test those patches to ensure that they don't cause other unexpected problems, means that there's often a delay in getting systems secured. That leaves a gap that hackers can exploit.
A study by Tripwire revealed that many organizations could be doing more to manage their vulnerabilities.
Supporting this conclusion, 27 per cent of survey participants said their employer had suffered a data breach as the result of an unpatched vulnerability. The rate was even higher for European organizations at 34 per cent.
Tim Erlin, vice president of product management and strategy at Tripwire, said this lack of asset discovery capabilities is a problem because it limits the overall effectiveness of an enterprise vulnerability management program:
Erlin further explained: “How you assess your environment for vulnerabilities is important if you want to effectively reduce your risk. If you are not doing authenticated vulnerability scans, or not using an agent, then you are only giving yourself a partial picture of the vulnerability risk in your environment.”
Varonis Blog Highlights 110 Cybersecurity Statistics
Cybersecurity company Varonis has issued its predictions for the forthcoming year with a blog post entitled 110 Cybersecurity Statics For 2020. The blog states that cybersecurity issues are becoming a day-to-day struggle for businesses. Recent trends and cybersecurity statistics reveal a huge increase in hacked and breached data from sources that are increasingly common in the workplace, like mobile and IoT devices.read more
UK To Go On The Cyber Offensive
The UK Government is about to launch a new proactive and offensive cybersecurity team that will wage cyberwarfare against hostile nation-states and online crime organisations. It would be naive to believe that the UK has not launched cyberattacks against third parties, but the killing of Qassem Soleimani has brought this out into the open.read more
Are You Ready For Iranian Revenge Cyberattacks?
Following the killing of Qassem Suleimani no-one can be sure of what military action Iran will take, but experts agree that its cyberattacks will increase against countries and governments it sees as hostile.read more
Ringing The Changes For IOT Security
Buying and installing a cyber-doorbell through which you can monitor callers even if you are away from home makes sense, yes? Not unless you are a user from Alabama who has launched a $5million legal against action after it is alleged that a hacker cracked the Ring doorbell and started harassing the family.read more