Reduce the risk of cyberattacks by 30% by simply applying patches
Some time ago, in one of by presentations, I shared with you some figures from a study of cybersecurity regarding the GAP that exists between detection of a vulnerability (or risk of cyberattacks) and the moment when the organizations apply a “patch.” At the time, the figure seemed to me very concerning, because it mentioned almost 2 months for simply applying a patch to a known vulnerability with an available solution (a “known error”, in terms of ITIL.:-))
I didn’t want to give much credit to this figure, because it seemed very high, but in light of a new study by Kaspersky, I am starting to think that it is true. According to this study, more than 30% of cyberattacks take advantage of vulnerabilities that have not been patched, which seems to lend credibility to the previous figures...(and if we also add the “non-policy” of secure passwords, then we arrive at figures that are dizzying...).
Management of patches and sophisticated passwords reduce the risk of cyberattacks by 60%.
I encourage you to read the previous article so that you can see some of the figures in more detail, but if you don’t feel like it, then I will give you a spoiler: the majority of vulnerabilities that are exploited in a cyberattack are not even from this year!! The majority of these vulnerabilities are many months (or even years) old, and therefore the figure for days of vulnerability could really be much worse.
With technology from 20 years ago, maintaining a minimally patched infrastructure could be a very complicated task, but today’s technology makes it easy thanks to automation! Find out what you have, in what condition you have it, where you have it, obtaining detailed and absolute knowledge of the patches yet to be deployed in each device, and being able to deploy them “with a single click,” would be a must have in the agenda of any systems manager.
Remember: Don’t let this happen - adopt measures from the first day!
I hope that you enjoy it, and farewell
Alejandro Castro, Proactivanet’s Technical Director