Report: Top 10 Known Vulnerabilities Accounted for 97% of Cyberattacks in 2014
April 16, 2015
While cyberattack methods are getting more sophisticated in some ways, the bulk of them are relying on decades-old techniques, which are working because companies are lax in using all the tools already at their disposal, according to a new report from Verizon. The company’s 2015 Data Breach Investigations Report found cybercriminals are exploiting old vulnerabilities, even though patches preventing those particular vulnerabilities have been available sometimes for years. As a result, the company said, it’s important to have access to and install old patches. But, while 10 known vulnerabilities accounted for nearly 97 percent of the attacks in 2014, there are countless other ways an organization’s network could be attacked.
“Prioritization will definitely help from a risk-cutting perspective, but beyond the top 10 are 7 million other exploited vulnerabilities that may need to be ridden down,” the authors of the report said. “And therein, of course, lies the challenge; once the ‘mega-vulns’ are roped in (assuming you could identify them ahead of time), how do you approach addressing the rest of the horde in an orderly, comprehensive, and continuous manner over time?”
The report also debuted a new method for calculating the financial impact of a security breach based on the type and number of records stolen. Verizon said 95 percent of the time, a breach involving 10 million records will cost between $2.1 and $5.2 million, with a top end of nearly $74 million.