If you’ve been looking into IT security lately, you will have seen a lot of buzz around detecting ‘vulnerabilities’ and Vulnerability Scanning – and with good reason! Identifying security vulnerabilities in computer systems and the software running on them is now a crucial step in your cyber security plan.
Ok, so this sounds good, but what is a ‘vulnerability’ when we’re talking about cybersecurity?
A cyber vulnerability generally refers to a flaw in software code which allows hackers to access your IT network or system. Cybersecurity vulnerabilities essentially weaken systems and open the door to cybercriminals.
There’s a huge range of possible cyber vulnerabilities and their numbers continue to grow. This is a serious risk as they leave your business open to a large range of threats including malware (malicious software), data breaches and account takeovers. Cybersecurity experts widely agree that it’s extremely important to patch hardware devices and software applications to protect against known vulnerabilities – the key is to find these vulnerabilities first.
Both software and hardware developers are constantly finding security vulnerabilities with their products. When these vulnerabilities are discovered, developers often work fast to release an update or ‘patch’ for their products to remediate the vulnerability.
Ideally, all web-users would know about and install the update before attackers exploit the vulnerability. But in reality, users of the software and hardware often have no idea that the vulnerability exists, so patching by updating is not on their radar. This slow implementation of updates can mean that attackers are able to exploit vulnerabilities years after they have been discovered.
Just to highlight the importance of finding vulnerabilities, here are some interesting (and frightening) stats:
75% of attacks in 2020 used vulnerabilities that were at least two years old
The Check Point Cyber Security Report 2021 found three out of four attacks took advantage of flaws that were reported in 2017 or earlier. And 18% of attacks utilized vulnerabilities that were disclosed in 2013 or before, making them at least seven years old.
Unpatched vulnerabilities were involved in 60% of data breaches
A 2019 Ponemon Institute Vulnerability Survey found that 60% of breach victims said they were breached due to an unpatched known vulnerability where the patch was not applied. However, 62% claimed they weren’t aware of vulnerabilities in their organizations prior to a breach.
To find out more about Vulnerability Scanning and how ThreatReady can help you to start scanning for weaknesses in your system, visit www.threatready.com.au today!