More than half of all security vulnerabilities are caused by outdated and unpatched systems.
That’s one of the many findings of the 2014 Global Threat Intelligence Report by the NTT Group. The report reviews data from about 3 billion attacks in 2013.
Highlights of the report:
Top 10 external security vulnerabilities
More than 40% of external vulnerabilities found in 2013 were caused by outdated systems. More than 30% were attributed to outdated Apache servers.
Do your clients have any of these problems?
Top 10 internal security vulnerabilities
Eight of the top 10 internal vulnerabilities found in 2013 were caused by outdated systems. They represent 28% of the total.
Old vulnerabilities die hard
Outdated and unpatched systems accounted for 59% of all security vulnerabilities found in 2013. That is nearly four times greater than any other cause.
Half of the vulnerabilities were at least one year old. They were first discovered between 2004 and 2011. This highlights a widespread lack of basic security best practices.
“Many organizations are not protected against common vulnerabilities which are included in widely distributed hacking exploit kits,” according to the report.
The top six causes of the vulnerabilities found were:
- Patch management: 59%
- Application configuration: 15%
- Firewall configuration: 11%
- Operating system configuration: 7%
- Policy management: 6%
- Application development: 2%
Recommendations to improve security
A key finding of the report is that many organizations need to adopt basic, repeatable, and ongoing security measures.
The following recommendations are provided (more details in the report):
- Address the eroding perimeter
- Use effective patch management to protect against real-world threats
- Define and test incident response
- Take advantage of new technologies and techniques