All nine of the most dangerous enterprise vulnerabilities detected in the wild are more than three years old. This means that most enterprise vulnerabilities are not new or cutting edge, putting to rest many enterprise fears about “keeping up” with evolving data security risks. It’s clear from the data that it’s just as important to clean house and address existing vulnerabilities.
These new insights come from the 2015 Cyber Risk Report released by HP Security Research, which looks at how hackers exploit today’s threat landscape. As the report indicates, the past is a “prologue,” where old problems populate the threat landscape, even as new technologies like mobility open new doors. Mobile, however, fares little better. Web apps and mobile apps alike are rife with vulnerabilities, and there was a huge jump in the number of Android ransomware samples in Q4 of 2014, the most recent data sampled in the report.
In most cases where old problems affect enterprise vulnerability, a simple patch would have sufficed. For many, patches have been available for years. This raises the question: why weren’t the patches rolled out? It’s not insider maliciousness at play. Or mistakes. It’s neglect.
In some cases, IT security professionals are ignoring patches because they feel the patches may add bloat or have unintended consequences. While this is true, as TechCrunch points out, any negative consequences are quickly remedied and a 3-year gap in patching vulnerabilities remains unacceptable. That’s neglect. As TechCrunch notes, IT cannot afford to overlook vulnerabilities:
Think about the size of your business. Now consider how many devices each employee plugs in to your network. For any given individual in your organization, it’s going to be at least two (i.e., a computer and a smartphone) and will often be three (i.e., a computer, a smartphone and a tablet). Every one of those devices is a node, and every node is a potential entry point for an attacker. Broad scale and timely action in cybersecurity is crucial for providing real protection to the underlying network.
While automating patches is key, it remains only one of the many layers of security needed to address today’s vulnerability landscape. As the HP Security Report reiterates, “multi-layer defenses” are not a requirement.
Absolute Data & Device Security (DDS) is an adaptive endpoint security solution that can help meet today’s mobility vulnerabilities. Absolute DDS provides you with a persistent connection to all of your endpoints and the data they contain.