How Software Patching Can Prevent The Next Breachpocalypse
While it’s easy to chalk up this Breachpocalypse to the evolving sophistication of cyber criminals, the power of new hacking tools and the difficulty of fighting against an international menace, that doesn’t tell the full story. The real shock behind the numbers is exactly how many breaches could have been prevented with an effective software patching process.
According to the Online Trust Alliance’s Cyber Incident & Breach Trends Report, a stunning 93% of reported breaches were completely avoidable. Regular patching, along with paying close attention to vulnerability reports and training employees to avoid malicious emails, could have saved international businesses and their customers billions of dollars in damage.
Despite the fact that patches are freely available, businesses of all sizes continue to struggle to patch devices across their network not only in the days after a patch is release, but quite often years after. Looking back a few years, the Verizon Data Breach Report 2016 showed that most exploits in 2015 came from vulnerabilities discovered in 2007, while vulnerabilities from as far back as 1999 still accounted for a significant amount of exploits.
No matter which way you measure it, 2017 will be remembered as the Year of the Data Breach. Record highs were hit for almost every type of data breach statistic available:
Total number of breaches in 2017 (44.7% increase from 2016)
Increase in ransomware attacks against business in 2017
Number of personal records exposed in 2017
Breaches that involved hacking (twice as high as in 2014)
Looking at 2017, two of the most notable hacks could have been prevented with an effective patching process:
The WannaCry ransomware campaign wreaked worldwide chaos, causing more than $8 billion in losses across more than 100 countries. The patch for the vulnerability exploited by WannaCry was available 59 days before the attack.
Equifax exposed the data of 143 million people, resulting in an estimated $600 million loss of shareholder value, lost business, remediation costs, and fines, not to mention immeasurable brand value and customer trust. In mid-May Equifax confirmed that attackers gained access to its system through a Apache Struts web-application vulnerability that had a patch available in March.
What keeps a company from promptly patching? Often it’s a combination of prioritization coupled with the difficulty effectively distributing patches across the enterprise. But make no mistake; patching is often the only thing keeping your company secure. The more you can keep your patches up to date, the more likely you’ll be protected against the next WannaCry and less likely you’ll become the next Equifax.
WINDOWS 7 のサポート終了に関するレポート
Microsoft は2020年1月14日、Windows 7 に対するサポートを正式に終了します。それにも関わらず、43%もの企業がいまだにこの古いプラットフォームを使用しているのです。企業が Windows 10 への移行からいかにかけ離れているか、また、移行における課題を学び、IT 部門のリーダーに WaaS に備えたソフトウェア配信戦略が必要な理由を探りましょう。
Related Blog Posts
The demand for both rich digital media and software security updates can strain an enterprise network. Bottlenecks can form from WAN overload, causing employees to feel disconnected from the corporate community and leaving remote devices open to security breaches. A...read more
Over the course of my career in streaming events, I have seen a lot. I have done webcasts in some of the smallest offices, on factory floors, as well as some of the biggest convention centers and hotel ballrooms in the world. I have even conducted a live...read more
When I was a Kollective customer at one of the largest banks in America, I developed an Online Video Team to manage on Demand publishing and live event streaming. Today, that team is an integral part of the planning and execution of hundreds live video events. These...read more