Top 10 Security Vulnerabilities of 2013

More than half of all security vulnerabilities are caused by outdated and unpatched systems.

That’s one of the many findings of the 2014 Global Threat Intelligence Report by the NTT Group. The report reviews data from about 3 billion attacks in 2013.

Highlights of the report:

Top 10 external security vulnerabilities

More than 40% of external vulnerabilities found in 2013 were caused by outdated systems. More than 30% were attributed to outdated Apache servers.

Do your clients have any of these problems?


Top 10 internal security vulnerabilities

Eight of the top 10 internal vulnerabilities found in 2013 were caused by outdated systems. They represent 28% of the total.



Old vulnerabilities die hard

Outdated and unpatched systems accounted for 59% of all security vulnerabilities found in 2013. That is nearly four-times greater than any other cause.

Half of the vulnerabilities were at least one year old. They were first discovered between 2004 and 2011. This highlights a widespread lack of basic security best practices.

“Many organizations are not protected against common vulnerabilities which are included in widely distributed hacking exploit kits,” according to the report.

Top six types of vulnerabilities found were caused by:

  1. Patch management: 59%
  2. Application configuration: 15%
  3. Firewall configuration: 11%
  4. Operating system configuration: 7%
  5. Policy management: 6%
  6. Application development: 2%

Recommendations to improve security

A key finding of the report is that many organizations need to adopt basic, repeatable, and ongoing security measures.

The following recommendations are provided (more details in the report):

  1. Address the eroding perimeter
  2. Use effective patch management to protect against real-world threats
  3. Define and test incident response
  4. Take advantage of new technologies and techniques


Related resources

NTT Group 2014 Global Threat Intelligence Report

4 Security Insights via 2014 Verizon Data Breach Investigations Report

Top Malware Sites and Unsafe Servers

Written by Calyptix

 - June 3, 2014

About Us

Calyptix Security helps small and medium offices secure their networks so they can raise profits, protect investments, and control technology. Our customers do not waste time with security products designed for large enterprises. Instead, we make it easy for SMBs to protect and manage networks of up to 350 users.
call us
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram