For example, one thing companies should pay closer attention to is patching. Data from Verizon partner Risk I/O showed that just 10 vulnerabilities, some of them dating back to the late 1990s and early 2000s, accounted for almost 97 percent of all exploitation attempts.
At first glance this is encouraging, because everyone should have patches in place for those flaws by now. However, when looking at the total number of vulnerabilities that were targeted in 2014, a much darker picture emerges: attackers started exploiting half of them less than a month after they were publicly disclosed. Moreover, the patching window might actually be shorter, because the timelines in the Verizon report are based on when the exploits were first detected, and there's always a lag between the actual launch of an attack and when it's first detected.
"These results undeniably create a sense of urgency to address publicly announced critical vulnerabilities in a timely (and comprehensive) manner," the Verizon team said.