In today’s cybersecurity environment, new security threats develop on a frequent basis. This fact is causing many companies to over-emphasize the latest security issues and overlook older, yet far more frequently exploited vulnerabilities.
In a report conducted by TrustWave, analysis showed that major companies are employing “vulnerability chasers” to search out the latest vulnerabilities and zero-day threats while overlooking the most common ones. The result of these “vulnerability chasers” is the continued impact of old and supposedly well-understood vulnerabilities.
The report discovered that the top three ways hackers gained initial access to networks in 2009 were via remote access applications, trusted internal network connections, and SQL injection attacks – all three of which have been well researched and established for up to 10 years. In most cases the report found that the vulnerabilities unearthed were common, well-understood, and should have been addressed long ago.
There are several measures you can take to mitigate the risks posed by older and often overlooked vulnerabilities. One step is to maintain a complete asset inventory due to the risk unknown assets pose to data. Maintaining an up to date list is vital to protecting them. It is also necessary to decommission older legacy systems and keep a close monitoring process on third-party relationships to make sure they are not introducing unwanted vulnerabilities.
You can read the full article here: Old Security Flaws Still a Major Cause of Data Breaches