This should not be a surprise. The report only provides some numbers to confirm it.
Exploiting known vulnerability is the easiest method. Why go searching for a path when you can use a GPS.
They also found pretty common problems (Inventory, Logging, Incident response issues)
According to the article:-
Solutionary looked at the latest exploit kits used by hackers, which include exploits from as far back as 2006. Solutionary found that half of the vulnerability scans it did on NTT customers last year were first identified and assigned CVE numbers between 2004 and 2011.
That is, half of the exploitable vulnerabilities we identified have been publicly known for at least two years, yet they remain open for an attacker to find and exploit," Solutionary said in its Global Threat Intelligence Report. "The data indicates many organizations today are unaware, lack the capability, or don't perceive the importance of addressing these vulnerabilities in a timely manner."
A "There's kind of a throw it over the wall' mentality," says Don Gray, chief security strategist at Solutionary, noting vulnerability-assessment information wasn't being acted upon effectively in organizations.
The Solutionary report also notes that effective log monitoring remains a challenge for several reasons
During and after this "discovery process," about half of organizations realize there are IT assets they didn't even know about.
Solutionary found that 77% of the organizations involved had no incident response teams or procedures in place to respond effectively to a significant cyber incident,
The links below has more information:-
No comments:
Post a Comment