14:00 CET, 14th February 2012 By Secunia.
Copenhagen, Denmark, February 14th, 2012 – Internet users are at risk from the rapid growth in software security flaws - specifically end-point vulnerabilities - according to the latest Yearly Report (for 2011), released today by Secunia, the leading provider of IT security solutions that help manage and control vulnerability threats. And, the company claims, businesses should be doing far more to help themselves by improving their patching strategies which are often less than adequate.
According to the report, third-party programs rather than programs from Microsoft are almost exclusively responsible for the growth in vulnerabilities, with the share of third-party vulnerabilities on a typical end-point, increasing from 45% in 2006 to 78% in 2011.
78% of vulnerabilities in 2011 affected third-party programs, by far outnumbering the 12% of vulnerabilities found in operating systems or the 10% of vulnerabilities discovered in Microsoft programs. The report shows that the number of end-point vulnerabilities increased once again in 2011 to over 800 vulnerabilities – a tripling within only a few years - more than half of which were rated by Secunia as either ‘Highly’ or ‘Extremely critical’.
The World Economic forum recently claimed that cyber crime is one of the biggest risks to global financial and political stability in 2012. “Many businesses are not doing enough to help themselves,” said Stefan Frei, Research Analyst Director, Secunia.
“By not addressing errors in software installed on typical end-points, organisations and individuals are in effect leaving their ‘windows’ wide open for cybercriminals to enter and compromise their most sensitive data,” he continued. “One problem often lies with the company’s security strategy. The programs that an organisation perceives as top priorities to patch as opposed to the programs that cybercriminals target are often vastly different. A typical corporate infrastructure contains layers of programs that organisations consider business-critical. Many organisations will focus on patching the top layer – business-critical programs – only. Cybercriminals, however, will target all programs and only need one vulnerable program to compromise the host.”
The Secunia Yearly Report reveals that for an organisation with over 600 programs installed in their network, more than 50% of the programs that are vulnerable in one year will not be vulnerable the next year, and vice versa. “Therefore identifying all installed programs and implementing an agile, dynamic patching strategy according to criticality in the remediation phase, as opposed to a short-sighted approach of only patching a static set of preferred programs, clearly wins in terms of achieving optimal risk reduction with limited resources. 72% of vulnerabilities had patches available on the day of disclosure; therefore the power to patch end-points is in the hands of all end-users and organisations,” concluded Frei.
Other findings of the report include:
The report can be downloaded from the Secunia website here.
Founded in 2002, Secunia is the leading provider of IT security solutions that help businesses and private individuals globally manage and control vulnerability threats, risks across their networks, and end-points. This is enabled by Secunia’s award-winning Vulnerability Intelligence, Vulnerability Assessment, and Patch Management solutions that ensure optimal and cost-effective protection of critical information assets.
Secunia plays an important role in the IT security ecosystem, and is the preferred supplier for enterprises and government agencies worldwide, counting Fortune 500 and Global 2000 businesses among its customer base. Secunia has operations in North America, the UK, and the Middle East, and is headquartered in Copenhagen, Denmark.
Thomas Kristensen, CSO, Co-founder
+45 2690 7565