Companies are always looking for the new technology that will protect them from cyber attacks. Yet, F-Secure experts say that most companies get breached through one of two ways. And neither have anything to do with zero day vulnerabilities, which, they say, receive much more attention than they’re due.
“From our investigations, we know that most companies fall victim to attackers either because of unpatched software with known vulnerabilities, or because of the human factor, for example people falling victim to phishing emails,” says Janne Kauhanen, cyber security expert at F-Secure. Kauhanen says in essence, all other security measures are just secondary measures designed to catch attacks that happen because of these two reasons. “And still, companies are fixated on zero days and the newest methods of attack, which are often fairly restricted and obscure.”
A new security vulnerability is identified every 90 minutes,* and several thousands of vulnerabilities are disclosed every year. On average, it takes 103 days for a vulnerability to be remediated.* In contrast, according to Gartner, “the time it has taken from a patch coming out to when an exploit appears in the wild has dropped from 45 days to 15 days during the past decade.”** Gartner notes that, “on average, vulnerabilities that are exploited at day zero (aka with no knowledge of the vendor or no prior remediation being available) are about 0.4% of total vulnerabilities each year during the past decade.”**
The massive WannaCry crypto-ransomware outbreak is the most recent example of a known vulnerability being exploited to great effect. The outbreak, which has infected systems in dozens of countries and impacted a wide range of sectors including transportation and health services, is based on a Windows Server Message Block (SMB) vulnerability, MS17-010, that had been patched by Microsoft in March. The spread of the worm would have been reduced had more systems been kept up to date. Telemetry from F-Secure’s vulnerability management tool, Radar, indicates that 15% of hosts run Windows SMB. The WannaCry outbreak dramatically illustrates why admins should make sure SMB is properly patched and is not exposed to the public Internet.