Companies have on average between 100 and 120 days to install patches for vulnerabilities, giving them some time vulnerable to attackers. Some vulnerabilities are not patched, however. According to research (pdf) of Kenna Security among 50,000 companies.
While companies need between 100 and 120 days to deploy available security updates, shows that attackers operate much faster. Most vulnerabilities are namely attacked in the first 60 days since the release of the patch. Between 40 and 60 days, there is a chance of 90% that a vulnerability is attacked.
The researchers argue that in the case of unpatched vulnerabilities that are attacked often for very famous and ancient leak is where patches have long been available, but not installed by organizations. "When evaluating the data we got this over and over against", so let them know. For example, last year 121 000 successful attacks on a vulnerability in phpMyAdmin measure that had already been patched in 2010. Another example is the vulnerability that uses the Slammer worm. This vulnerability dates from 2002, but last year there were still 156 000 successful attacks using the vulnerability instead.
No comments:
Post a Comment