From phishing emails to malware attacks, there is a growing variety of cyber security threats that businesses must consider when working to protect vital data, but one risk that is often overlooked is unpatched software vulnerabilities.
All software has the potential to have bugs and security holes that attackers can take advantage of to gain unauthorised access to data or admin controls. Once these vulnerabilities are brought to the attention of software vendors, they release patch updates to fix the gap in security and protect users from harm.
The problem with this procedure is that it relies on users to check for and perform regular software updates of their own accord, a practice that is far too often forgotten. The problem is only getting worse as businesses continue to expand the number of software applications involved in their daily operations.
The Risk in Numbers
According to a 2018 study, an alarming 57% of respondents who had faced a security breach said that it was due to vulnerabilities in unpatched software. Additionally, 34% of these cybercrime victims were aware of the holes in their software but didn't patch them in time.
More recent research shows similar attitudes, with a 2020 study into remote working behaviours revealing that 1 in 5 employees don't keep their collaborative working and conference software (e.g. Zoom) up to date.
Automated Scans and Attacks
A recent study conducted by Barracuda has revealed that attackers are using old, unpatched software vulnerabilities in their targeted attacks.
While analysing global data from attacks blocked by their systems over the last two months, Barracuda researchers found that cybercriminals are routinely probing for unpatched vulnerabilities - sometimes even years after the vulnerability was initially detected.
According to Barracuda, cybercriminals are benefiting from the knowledge that businesses don't always have the time or bandwidth to patch software right away, allowing them to continue their targeted attacks long after the software vulnerability has been 'fixed'.
“The study shows that cybercriminals continue to cycle through a list of known high-impact vulnerabilities to find any gaps that can let them into a network,” said Mark Lukie, systems engineer manager, Barracuda, Asia-Pacific. “In order to ensure that you don’t fall victim to this kind of attack, having a robust WAF/WAF-as-a-Service solution that can help you patch all known vulnerabilities will ensure that your cybersecurity posture remains watertight, and your organization remains protected now and in the future.”
Barracuda Web Application Firewall
Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that target the applications hosted on web servers and the sensitive or confidential data to which they have access.
Placed between the Internet and web servers, Barracuda Web Application Firewall scans all inbound web traffic to block attacks, and scans outbound traffic to provide highly effective data loss prevention.