F-Secure Threat Report: Patch management is a key security asset

Don’t leave your back door open to cyber attacks

Author: Eija Paajanen
Date: 23.04.2015
Read Time: 2 Minutes

All businesses have something of worth to online criminals, but not all businesses face the same threats.

For the average small or medium-sized company, good security is usually about protecting themselves against attacks that are based on opportunity. The cyber crooks out there want to pick the low-hanging fruit by targeting easy victims.

For larger and politically or socially important businesses, the threat landscape can look totally different, with specially targeted attacks or even governmental spying.

F-Secure’s Threat Report H2 2014 investigated the details of the threat landscape. Let’s look at the dangers for a typical small or medium-sized business, who has nothing of special interest, but will, as said, still have business assets that are interesting to someone.

Top 10 PC malware in 2014
TOP 10 PC threats in 2014

The fact that vulnerability-leveraging malware is increasingly dominant among detections means that there are a lot of unpatched operating systems and 3rd party applications and software – and these are easy targets. Our earlier studies show that about 80% of TOP10 malware could be avoided with up-to-date software. Yet, software seems to be left unpatched, leaving the business environment open to attacks.

Exploit kits are one form of attack that targets existing vulnerabilities. These toolkits are planted on websites and will exploit vulnerabilities found on a visitor’s device to drop malware on the machine. Reports for these, especially for the AnglerEK type have skyrocketed.

Unpatched Java or Windows platforms continue to be common targets even though Java as a platform is no longer as big a target as before.

On mobile platforms, Android is still the number 1 target.

Attacks on social media platforms are also becoming more popular. Kilim malware, which targets Facebook, has already reached the top 10 malware.

With the number of attacks targeting existing software vulnerabilities still increasing, it is more important than ever to keep all your software patched and up to date. Automatic patching tools can make this much easier for your IT admins.

Post Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s