Saturday, 16th November 2019
Logo

Almost 10 percent of IT assets are vulnerable to exploitation

eSentire has released its Q1 2019 Quarterly Threat Report which reveals that 8% of externally-facing IT assets are susceptible of being exploited by a high or critical severity vulnerability as classified by the Common Vulnerability Scoring System (CVSS) v3.0 used by the National Vulnerability Database (NVD).

Between 2015 and 2019, data from exploit-db reveals that the number of distinct products with reported vulnerabilities has increased by 150 percent. Over this same period, the weaponization time for the creation of exploits to take advantage of these published vulnerabilities dropped from being several months to almost immediately. This drastic decrease in patching time has resulted in a situation where IT departments are faced with not having enough resources to identify and remediate critical vulnerabilities while having to continue to manage day-to-day business operations.

eSentire Threat Intelligence also observed that malicious traffic saw an almost 35 percent decline during the first quarter of 2019 when compared to the fourth quarter of 2018. This decline can be attributed to several factors including a reduced number of observed opportunistic exploitation campaigns and significant drop-off of coining malware detections which had seen a 1,500 percent increase in observations last year.

Additional Q1 2019 Quarterly Threat Report Findings:

  • The five most targeted industries are biotechnology, accounting, education, technology, and non-profits
  • Thursday the most popular day of the week for phishing attempts; with INTERAC, Facebook, and Microsoft being the most popular lures used
  • It took almost 40 hours for the majority of antivirus engines to be able to detect a new variant of Emotet malware
  • Over 60% of all malware enters businesses via email attachments
Datrium has released findings from its industry report on the State of Enterprise Data Resiliency an...
CybSafe invites cyber security professionals to contribute to new academic research into the impact...
FireMon has released its 2019 State of the Firewall report, the annual benchmark of current issues i...
Aqua Security is expanding into cloud security posture management (CSPM) with its acquisition of Clo...
Revolutionary SASE architecture eliminates the high cost and high latency of legacy solutions.
​​​​​​​​​​​​​​​Cybervore, Inc., a software company startup, has developed a new patented security te...
Security Orchestration, Automation and Response (SOAR) will rocket to address cyber attacks happenin...
Global survey reveals organizations need tools that support DevOps security.