April 24, 2024

It’s a known fact that many attacks takes place due to a presence of vulnerabilities and exploits persists in the software that has not been updated, but the covid nightmare has made patching a cumbersome task. 71% consider patching overly complex and time-consuming.

COVID-19 has made a major shift to remote work, 57% of respondents said remote work had increased the complexity and scale of patch management. That shift, with employees connecting with various devices to access corporate networks, data and services as they work and collaborate from new and different locations, is said to have made patching harder than ever.

The complicated nature of dealing with a remote workforce is not the only challenge when it comes to patching, with other demands on time also playing a role. Some 62% of respondents said that patching often takes a back seat to their other tasks and 60% said that patching causes workflow disruption to users. 61% of IT and security professionals said business owners ask for exceptions or push back maintenance windows once a quarter because their systems cannot be brought down.

As threat actors mature their tactics and weaponize vulnerabilities, especially those with remote code execution, organizations struggle with attack surface risk and ways to accelerate patch and remediation actions. More than half of respondents said that organizing and prioritizing critical vulnerabilities takes up most of their time, followed by issuing resolutions for failed patches (19%), testing patches (15%) and coordinating with other departments (10%).

The WannaCry ransomware attack in 2017. That attack, which encrypted an estimated 200,000 computers in 150 countries, exploited a vulnerability in software where a patch for the vulnerability had existed for several months before the initial attack, yet many organizations failed to implement it.

https://sportsbites360.wordpress.com

Two years later in 2019, the same vulnerability used in WannaCry was still being exploited, and there was a 53% increase in the number of organizations affected with WannaCry ransomware from January to March this year, nearly four years after the initial attack.

These results come at a time when IT and security teams are dealing with the challenges of the Everywhere Workplace, in which workforces are more distributed than ever before, and ransomware attacks are intensifying and impacting economies and governments.Most organizations do not have the bandwidth or resources to map active threats, such as those tied to ransomware, with the vulnerabilities they exploit

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Red Ransomware Victimized Targus

April 23, 2024

Oracle Virtual Box Vulnerability PoC Released – CVE-2024-21111

April 22, 2024

CrushFTP Zeroday Vulnerability Exploited in Wild attack

April 21, 2024

TheCyberThrone Security Week In Review – April 20, 2024

April 21, 2024

MITRE Breached Exploiting Ivanti Zeroday

April 20, 2024

GPT-4 can exploit vulnerabilities with ease

April 19, 2024

Discover more from TheCyberThrone

Subscribe now to keep reading and get access to the full archive.

Continue reading