The Top 20 Vulnerabilities to Patch before 2020

Published first in Dark Reading by Kelly Sheridan.


In an ideal world, organizations would patch every new vulnerability once it’s discovered. In real life, this is impossible. Security analysts responsible for vulnerability management activities face multiple challenges that result in what the industry calls “The Patching Paradox”: common sense tells you to keep every system up to date in order to be protected, but this is not possible due to limited resources, the existence of legacy systems and the slow implementation of patches.


Verint’s Cyber Threat Intelligence (CTI) Group analyzed the top 20 vulnerabilities that are currently exploited by attack groups worldwide. The goal of this analysis is to provide security professionals with an incentive to improve their patch management activities.


Key Findings:


34% of the attacks exploiting these vulnerabilities originated in China
45% of the vulnerabilities affect Microsoft products
Vulnerabilities from as early as 2012 (!) are still used to carry out successful attacks

According to the National Vulnerability Database (NVD), the number of disclosed vulnerabilities has increased by ~130% since 2016; in other words, there is an average of ~45 new vulnerabilities per day, as can be seen in the graph below. Additional statistics reveal that almost 60% of all vulnerabilities are classified as ‘Critical’ or ‘High’.



Recent threat intelligence gathered by Verint and Thales Group about 66 attack groups ope ..
