Many firms, individuals slow to patch security vulnerabilities
As the fallout from the WannaCry ransomware attack continues to be felt around the world today, a new study has an ominous warning for companies and individuals: the threat is growing and people are getting lazier about protecting themselves.
That is the message from the “Country Report” just released from Flexera Software, which reveals that the number of operating system vulnerabilities is increasing, while users are losing ground at patching them. Looking at PC users in the U.K. for example, the study found that the number of unpatched Windows operating systems rose from 6.1 percent one year ago to 9.0 percent in the first quarter of 2017.
“Despite the availability of patches – like the Microsoft patch that could have prevented harm from the WannaCry attack – an alarming number of companies and individuals simply did not apply them,” the study warned.
“Frankly, if you wait two months to apply a critical Microsoft patch, you’re doing something wrong,” noted Kasper Lindgaard, senior director of Secunia research at Flexera. “This time, we even had a warning in April that this could likely happen, so businesses need to wake up and start taking these types of threats and risks seriously. There is simply no excuse.”
Security vulnerabilities are errors in software that can work as an entry point for hackers – like the vulnerability exploited by the WannaCry ransomware attack, the study explains. They are a root cause for many security issues and can be easily exploited to gain access to IT systems.
“Today’s report is stunning because the Flexera data reveals the threat of harm from these attacks is actually increasing,” Lindgaard said. “But the opposite should be true. That’s because most known vulnerabilities have patches available on the date of their disclosure.”
In 2016 there were 17,147 vulnerabilities in 2,136 different products from 246 vendors, according to Flexera’s “Vulnerability Review.” Of those, 81 percent of all vulnerabilities had patches available on the day the product was released.