Defending the Enterprise Part 2: The exploitation of unpatched systems

In part one of this series, I talked about defending the enterprise by strengthening the human firewall. In part two, I’ll focus on patching vulnerable systems.

Let’s take a look at some of the headlines from the last couple of years:

  • “Atlanta’s municipal government has been brought to its knees since Thursday morning by a ransomware attack.”
  • “Russian state hackers use ransomware to paralyze computers in Ukraine on the eve of the country’s independence day.”
  • “Hackers gained access to the information of 143 million Equifax customers, including their names, birth dates, drivers’ license numbers, Social Security numbers, and addresses.”

What do all these incidents have in common? Unpatched systems—which expose weaknesses that can be exploited by cybercriminals. If you still need convincing that unpatched systems pose a massive threat, consider these stats from a recent Ponemon Institute study that surveyed nearly 3,000 IT professionals worldwide on their patching practices.


continue reading »