[BreachExchange] Cybersecurity Study Says Getting Hacked Is More Common Than Ever

Audrey McNeil audrey at riskbasedsecurity.com
Thu Nov 16 19:07:34 EST 2017


https://tech.co/cybersecurity-hacked-common-2017-11

Between global headlines and personal identity theft, hackers have become
one of the biggest problems facing the world today. Sure, cybersecurity
technology has been getting better, but it still can’t account for the
billions of people online, the millions of hackers trying to steal their
information, and the hundreds of digital paradigm shifts happening on what
feels like a daily basis. And unfortunately, data shows that things aren’t
getting better

According to the Q3 2017 VulnDB QuickView report from Risk Based Security,
there have been 16,006 vulnerabilities disclosed in the first three
quarters of 2017, representing a 38 percent increase from last year. This
is the highest number of vulnerabilities to date, which doesn’t bode well
for the future of cybersecurity.

To make matters worse, these numbers notably eclipse the numbers provided
by the CVE and National Vulnerability Database (NVD), with more than 6,000
vulnerabilities going unreported by the government repository. Even worse
still, 44.1 percent – over 2,700 – of those vulnerabilities not published
by NVD/CVE have a CVSSv2 score between 7.0 and 10, which include widely
deployed software used by many organizations. And that, in so many words,
is very bad.

“When hearing that so many vulnerabilities are missing from CVE/NVD, most
security professionals want to justify the gap by trying to convince
themselves that the vulnerabilities missed can’t possibly impact their
organization, and if they do, they must be low risk. However, just as our
previous reports have indicated, this isn’t the case…. Any security product
or tool that relies on CVE/NVD is putting your organization at serious
risk,” said Jake Kouns, Chief Information Security Officer for Risk Based
Security in a press release.

Fortunately, this news isn’t all doom and gloom. Despite most founders’
inability to take cybersecurity concerns seriously, most of the
invulnerabilities arising in this study do have an easy solution that could
save a lot of time, money, and stress.

“While our proprietary Vulnerability, Timeline, and Exposure Metrics (VTEM)
show that not all vendors are prioritizing and fixing vulnerabilities as
quickly as we would prefer, the good news is that 75.8 percent of 2017
vulnerabilities through September do have a documented solution,” added
Kouns.

If you didn’t know that you needed to make cybersecurity a priority at this
point in the game, you’re seriously dropping the ball. Small businesses are
particularly vulnerableto these attacks, as they are rarely set up with the
resources to fend off sophisticated hackers. However, protecting your
company from cyber attacks could be the most lucrative thing you do for
your company, so get on it!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171116/e4f8b8fb/attachment.html>


More information about the BreachExchange mailing list