Software Vulnerabilities, Lack of Security Updates: A Major Cyber Threat

Software Vulnerabilities, Lack of Security Updates: A Major Cyber Threat

This post is also available in: heעברית (Hebrew)

22547623_s featureVulnerabilities in software regularly used by employees at work are the leading cause of internal cyber-security incidents in business. This was one of the conclusions drawn by the Global Corporate IT Security Risks 2013 survey, a study conducted by B2B International in collaboration with Kaspersky Lab this spring.

Vulnerabilities in legitimate software programs are a major source of corporate computer infections and critical data leakage. Approximately 39% of the survey participants said that over the past 12 months, this had been the case at least once for their organizations.

While the number of such incidents has fallen substantially since 2011 – from 47% to 39% – it is still high. In total, approximately 85% of companies have reported internal IT security incidents, and software vulnerabilities were the single biggest cause.

The highest percentage of incidents was noted in Russia, where 51% of survey respondents were affected. 43% of companies based in Asia-Pacific encountered these issues, as did 38% of companies in North America. Japanese companies had the lowest frequency of vulnerability-related security problems at just 29%.

At the same time, 25% of survey participants suffered data leakages involving company business and caused by vulnerabilities in corporate software, while 10% of companies reported leakages of critical corporate data leading to financial losses.

IHLS – Israel Homeland Security

Vulnerabilities are ultimately the responsibility of developers, rather than companies using the software. But regardless of who is to blame, without extra protection, the company’s IT infrastructure will remain vulnerable until software developers release updates to patch these vulnerabilities.

That’s why using a security solution with advanced technologies facilitating the detection and interception of attacks launched via software vulnerabilities is critical for any company. An advanced security solution will also help prioritize the update of software programs once vulnerabilities have been detected.

These advanced technologies, which offer top-of-the-line protection against malware and other cyber threats, detect and block attempts to exploit vulnerabilities found in commonly used applications, effectively manage company workstations, and allow company IT professionals to centrally install security updates for the applications running on company computers.

These solutions deliver high-level security and protection for corporate IT infrastructures, even when the developers of popular software programs are not always quick to deliver updates for their own products — and can inadvertently introduce new vulnerabilities along with these updates.