Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

27 Percent of Data Breaches Caused By Unpatched Vulnerabilities

June 19, 2019

ZDNet reported recently that security company Tripwire had found in a survey that unpatched vulnerabilities caused data breaches in 27% of organizations. The sheer volume of patches, with many vendors publishing new fixes on a monthly basis, and the need to test those patches to ensure that they don't cause other unexpected problems, means that there's often a delay in getting systems secured. That leaves a gap that hackers can exploit.

Just under half of companies said they aimed to deploy a security patch within a week, while over 90% of companies said that they would generally fix a flaw within a month. Nearly half of companies said they had to deal with fewer than 10 vulnerabilities a month; another 29% said they had 10-50 patches to apply every month. Four out of five companies said they had stopped using a product because of a vulnerability disclosure.

The 2017 WannaCry ransomware attack was probably the clearest example of what can go wrong when patches aren't applied; while a patch for the vulnerability exploited by the ransomware had existed for several months, many organizations — notably, parts of the UK's National Health Service — had failed to install it.

I can understand a little delay – but not a lot. And the more significant the patch, the less I understand the delay. You would think that WannaCry would have given IT and security professionals religion – but apparently not.

Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson