Many companies are currently focusing their security resources on addressing new potential exploits and trending vulnerabilities. Surprisingly, this may be a mistake. Dark Reading reports that the majority of ransomware attacks in 2022 leveraged old, previously-known vulnerabilities to attack companies. Around 76% of attacks exploited vulnerabilities from 2019 or earlier.
To improve data security that is falling short, companies need to start managing patches differently. Although it might be surprising, many attackers are not focused on just the latest and greatest exploits. Rather, they will use the ones that work or are most lucrative, and if organizations let their guard down around these old bugs, the old bugs are likely to be the primary targets. This could cost you a lot of downtime and financial stress.
Patch Management is a Common Problem
Many companies fall behind on installing patches because installing and testing a new patch can be time-consuming and complicated. Developers and security professionals may feel there are more pressing concerns, and they often focus on combating the newest (or most newsworthy) exploits. Security teams often struggle to keep up with massive volumes of new vulnerabilities, which creates a backlog. If no one ever gets around to organizing and prioritizing that backlog, many vulnerabilities may go unnoticed until an attacker exploits them.
Surveys indicate that only 47% of companies patch vulnerabilities right away, 28% patch once per month or less, and 42% of companies that had their systems breached were already aware of the vulnerability used in the attack. Although patching is essential for data security, it’s difficult for organizations, especially small businesses, to address the hundreds of known exploits at any given time.
Ransomware Attacks Target Old Vulnerabilities
Another complicating factor is that some of the vulnerabilities are now so old that they aren’t included in commonly used scanners or watchlists. For example, the Known Exploits and Vulnerabilities (KEV) database, which many companies use to prioritize their patches, does not list 131 out of 344 of the exploits used last year.
Additionally, there’s a prioritization problem. While best practice is to prioritize high-risk vulnerabilities, over time, the medium and low-risk vulnerabilities frequently won’t receive a patch at all. High-risk vulnerabilities crop up every day, and addressing those first is necessary, but it does have the unintended consequence of pushing a medium-risk vulnerability further down the priority list. Often, that vulnerability falls so far down the list that it’s all but forgotten, which is great news for anyone looking to put ransomware on your machine or network.
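The starvation effect described above can be shown on a small backlog. The following is an added example, not code from the article: it compares a severity-only patch queue with one that also escalates findings past a deadline, and reports which overdue findings the current cycle still leaves out. The finding IDs, deadline windows, scoring weights and capacity are all assumptions made for illustration.

```python
from datetime import date

RANK = {"high": 3, "medium": 2, "low": 1}
SLA_DAYS = {"high": 30, "medium": 90, "low": 180}  # assumed patch deadlines
TODAY = date(2023, 3, 1)

# Constructed backlog: placeholder IDs, not real CVEs.
BACKLOG = [
    {"id": "NEW-HIGH-1", "severity": "high", "published": date(2023, 2, 20), "in_kev": False},
    {"id": "NEW-HIGH-2", "severity": "high", "published": date(2023, 2, 25), "in_kev": True},
    {"id": "NEW-HIGH-3", "severity": "high", "published": date(2023, 2, 10), "in_kev": False},
    {"id": "OLD-MED-2019", "severity": "medium", "published": date(2019, 5, 1), "in_kev": False},
    {"id": "OLD-LOW-2018", "severity": "low", "published": date(2018, 3, 1), "in_kev": False},
]

def age_days(f, today):
    return (today - f["published"]).days

def severity_only_key(f, today):
    # Highest severity first, newest first within a severity.
    return (-RANK[f["severity"]], -f["published"].toordinal())

def age_aware_key(f, today):
    # Escalate one step per missed deadline (capped at 2) and boost
    # findings on the KEV list; absence from KEV does not lower the score.
    overdue = min(age_days(f, today) // SLA_DAYS[f["severity"]], 2)
    score = RANK[f["severity"]] + overdue + (2 if f["in_kev"] else 0)
    return (-score, -RANK[f["severity"]], f["published"].toordinal())

def patch_queue(backlog, today, capacity, key):
    # The findings the team has capacity to patch this cycle.
    ranked = sorted(backlog, key=lambda f: key(f, today))
    return [f["id"] for f in ranked[:capacity]]

def stale_unscheduled(backlog, today, queue):
    # Findings past their deadline that this cycle's queue still omits.
    return sorted(f["id"] for f in backlog
                  if f["id"] not in queue
                  and age_days(f, today) > SLA_DAYS[f["severity"]])

if __name__ == "__main__":
    for name, key in (("severity-only", severity_only_key),
                      ("age-aware", age_aware_key)):
        queue = patch_queue(BACKLOG, TODAY, 3, key)
        print(name, queue, "still overdue:",
              stale_unscheduled(BACKLOG, TODAY, queue))
```

With room for three patches per cycle, the severity-only queue never reaches the 2019 finding, while the age-aware queue schedules it and leaves a short, explicit list of what is still overdue.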
With all this in mind, old exploits are fairly easy to use to create novel problems for organizations. The overwhelming number of security challenges to address makes it difficult to keep up, and the consequences of a ransomware attack can be severe; the average cost of a ransomware attack was over $4.5 million in 2022, and that doesn’t include the actual ransom payment, which can be exorbitant.
Managing the Ransomware Threat to Data Security
You shouldn’t just patch what you can and then hope for the best. Given the data on old vulnerability exploitation and how expensive a breach could be, you may want to consider implementing some automation tools or firewalls. These solutions can provide an extra layer (or two) of data security, which buys you more time to patch and reduces the number of available exploits.
Web Application and API Protection (WAAP) is one option worth looking into. A WAAP has detection capabilities that can help automate filtering your traffic. It reduces the amount of resources needed to deal with suspicious activity. Generally, a WAAP guards the network from unauthorized web traffic, minimizing the number of bad actors who can reach your vulnerabilities or access your data. Any attacker looking to run a ransomware attack will have much more difficulty if they are repeatedly blocked from accessing your applications.
For those pesky hackers that get past the WAAP, there is Runtime Application Self-Protection (RASP). This solution can terminate user sessions, alert security teams to unauthorized access or suspicious activity, and stop application execution when needed. Consistent monitoring and sensitivity to potential attacker behaviors make RASP a viable option for reducing the number of vulnerabilities an attacker can access.
Neither of these solutions will fix the old vulnerabilities in your environment, but they can act as shields for your network and applications, giving you more time to work through the patches on your list. They block hackers’ access to sensitive and valuable data, whether the data belong to you or to your customers, reducing the likelihood of an expensive ransomware attack.
Addressing old vulnerabilities is important for the continued security of your business and assets; however, many organizations struggle to address every item on their lists. Implementing automated protection for your data can help reduce your risk of becoming a victim of a ransomware attack and can free up some resources, allowing your security teams to address those lower priority vulnerabilities.