According to data from the National Institute of Standards and Technology’s (NIST) National Vulnerability Database (NVD), 7,038 new security vulnerabilities were added to the database in 2014, which is just above an average of 19 vulnerabilities a day. In this same year, 24% of the found and reported vulnerabilities were deemed severe. The problem is that in 2013 only 4,794 vulnerabilities were reported, and 1,612 were designated high. The percentage may have gone down from 2013 to 2014, but the number of reported high-severity vulnerabilities is up to 1,705.
The largest source of vulnerabilities was third-party applications, which accounted for about 80% of those reported. While this is a staggering number, operating systems were responsible for only 13%. The problem here is that operating systems are used across industries. Apple’s operating systems were at the top of the list, with Mac OS X containing 64 reported severe vulnerabilities and iOS containing 32, which are also all severe. Microsoft Windows is listed as containing fewer, with only 25 high-severity vulnerabilities.
So, what does all this mean? Vendor management is a critical piece of security, and the extremely high number of vulnerabilities requires IT and system administrators to keep patching systems with the latest updates as soon as they are released.
Four items that should be prioritized for patching are:
✓ Operating systems
✓ Web browsers
✓ Java
✓ Free Adobe products
REFERENCES
http://www.gfi.com/blog/most-vulnerable-operating-systems-and-applications-in-2014/