What is less well known is that most successful breaches are accomplished via exploits that have been known for years. This is according to a recent report published by Fortinet.
According to their second quarter Global Threat Landscape report, fully 90 percent of companies that have experienced a successful cyber-attack reported that the exploits used by the hackers were at least three years old. In 60 percent of successful attacks, the hackers relied on exploits that have been known about for at least a decade.
This underscores one of the biggest and most pervasive issues facing the corporate world today: IT staff simply aren’t keeping up with security patches. That’s not to say that hackers would be stymied and utterly shut out if security professionals kept up with all the latest security patches released by software vendors, but the statistics speak for themselves.
There’s simply no excuse for this. Any exploit that’s on the order of three years old has almost certainly been addressed by the company responsible for maintaining the software, and that’s certainly true of security flaws that are a decade old, or older. As the above-mentioned report explains, “Because so many organizations are slow to patch or replace devices and systems with known vulnerabilities, cybercriminals are shifting resources away from developing new ways to break into networks, and are instead focused on developing automated and intent-based tools designed to deliver more sophisticated payloads that are also increasingly difficult to detect and remove.”
In light of this report and its findings, if you’re a small business owner, now is the time to talk with your IT staff and make sure the software you’re using is up to date where patching is concerned. If it isn’t, the best thing you can do, based on the statistics, is to work with your IT management to formulate a plan that will get your software up to date, and keep it that way.