IT security professionals have admitted that a third of cybersecurity breaches are the result of vulnerabilities that they should have patched.
Software vendors are constantly publishing new patches to fix problems in software that they have sold. It's then up to the users of the software to apply the patches or else risk leaving themselves open to attack via the backdoors that the vendors failed to spot when initially building the product.
But the sheer volume of patches, with many vendors publishing new fixes on a monthly basis, and the need to test those patches to ensure that they don't cause other unexpected problems, means that there's often a delay in getting systems secured. That leaves a gap that hackers can exploit.
A study by Tripwire revealed that many organizations could be doing more to manage their vulnerabilities.
Supporting this conclusion, 27 per cent of survey participants said their employer had suffered a data breach as the result of an unpatched vulnerability. The rate was even higher for European organizations at 34 per cent.
Tim Erlin, vice president of product management and strategy at Tripwire, said this lack of asset discovery capabilities is a problem because it limits the overall effectiveness of an enterprise vulnerability management program:
Erlin further explained: “How you assess your environment for vulnerabilities is important if you want to effectively reduce your risk. If you are not doing authenticated vulnerability scans, or not using an agent, then you are only giving yourself a partial picture of the vulnerability risk in your environment.”
Kaspersky Highlights Information Security In Loss Figures
To budget for information security, companies need to consider factors such as average potential losses, preferably by incident type, as well as other businesses’ average, outlays on security, Says the latest security report from Kaspersky.read more
Half Of Global Organisations Not Prepared For Cyberattacks
It is believed that more than 4,000 cyberattacks occur daily worldwide, but half of organisations across the globe admit they are not prepared for such events.read more
Secure Your Physical Business Against Data Theft
Data theft does not just happen in cyberspace, but in the physical business environment, too. Lax physical security can allow criminals to access your computers, filing cabinets, documents left on desktops, etc. Here are some tips for you to ensure your everyday working environment is safe and secure.read more
UK Launches Third NCSC Annual Review
Paymaster General and Minister for the Cabinet Office Oliver Dowden MP has launched the UK's National Cyber Security Centre's third Annual Review. In his presentation speech, he said: "Thank you, everyone, for joining us this morning. Cybersecurity is genuinely a massive priority for the government and it gives me great pleasure to launch the National Cyber Security Centre’s third Annual Review.read more