Security News 90% of Companies Get Attacked with Three-Year-Old Vulnerabilities

[LASER_oneXM]

A Fortinet report released this week highlights the importance of keeping secure systems up to date, or at least a few cycles off the main release, albeit this is not recommended, but better than leaving systems unpatched for years.

According to the Fortinet Q2 2017 Global Threat Landscape, 90% of organizations the company protects have experienced cyber-attacks during which intruders tried to exploit vulnerabilities that were three years or older. In addition, 60% of organizations were attacked with exploits ten years or older.

Organizations that did a relatively good job at keeping systems patched would have been able to block the attacks.

Nonetheless, it is always recommended that companies keep systems up to date at all times. This has been shown in the past year. First last year with a Joomla flaw that saw exploit attempts days after being disclosed, then again at the start of January when attackers started scanning for a recently disclosed WordPress flaw hours after the official announcement.

The focus on older exploits is simple to explain. Not all hackers are on the same skill level of nation-state cyber-espionage units, and most rely on open-sourced exploits. The older the vulnerability, the better the chances of finding a working exploit on one of the many exploit-sharing sites currently available online.

Weekend warriors
Furthermore, the Fortinet includes an interesting chart that shows attackers launching attacks mostly over the weekend.

There are a few simple explanations for these. First, there are no SIRT (Security Incident Response Team) responders at most businesses over the weekend. Second, most hackers have jobs as well, and the weekend is when most are free for "side activities."

 

[Deleted member 65228]

The damages a company could experience after a successful targeted attack can cost them millions or more (sometimes unrecoverable when it comes to credibility), it would be in their best interest to keep their systems updated. It does not matter if they have really good layered protection because if the software is insecure then it will be easier for an attacker to do a lot of damage!

If a company really wants to be secure from the latest threats then not only do they need good endpoint protection, but they also need to ensure the software is always updated for the latest security patches & that their staff are properly educated on cyber security so they do not end up making a big mistake while handling a dodgy e-mail, link, attachment, etc.

 

[HaMeR]

Is no that easy to update the os in a computer company. Most of updates carry incompatibilities with many programs