Top 10 Security Vulnerabilities of 2013 Top 10 Security Vulnerabilities of 2013

Top 10 Security Vulnerabilities of 2013

by Calyptix, June 3, 2014

More than half of all security vulnerabilities are caused by outdated and unpatched systems.

That’s one of the many findings of the 2014 Global Threat Intelligence Report by the NTT Group. The report reviews data from about 3 billion attacks in 2013.

Highlights of the report:

Top 10 external security vulnerabilities

More than 40% of external vulnerabilities found in 2013 were caused by outdated systems. More than 30% were attributed to outdated Apache servers.

Do your clients have any of these problems?

top-10-external-security-vulnerabilities

Top 10 internal security vulnerabilities

Eight of the top 10 internal vulnerabilities found in 2013 were caused by outdated systems. They represent 28% of the total.

top-10-internal-security-vulnerabilities

 

Old vulnerabilities die hard

Outdated and unpatched systems accounted for 59% of all security vulnerabilities found in 2013. That is nearly four-times greater than any other cause.

Half of the vulnerabilities were at least one year old. They were first discovered between 2004 and 2011. This highlights a widespread lack of basic security best practices.

“Many organizations are not protected against common vulnerabilities which are included in widely distributed hacking exploit kits,” according to the report.

Top six types of vulnerabilities found were caused by:

  1. Patch management: 59%
  2. Application configuration: 15%
  3. Firewall configuration: 11%
  4. Operating system configuration: 7%
  5. Policy management: 6%
  6. Application development: 2%

Recommendations to improve security

A key finding of the report is that many organizations need to adopt basic, repeatable, and ongoing security measures.

The following recommendations are provided (more details in the report):

  1. Address the eroding perimeter
  2. Use effective patch management to protect against real-world threats
  3. Define and test incident response
  4. Take advantage of new technologies and techniques

how-to-avoid-ransomware-report-CTA

Related resources

NTT Group 2014 Global Threat Intelligence Report

4 Security Insights via 2014 Verizon Data Breach Investigations Report

Top Malware Sites and Unsafe Servers

2 Comments


Leave a Reply

Your email address will not be published Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*