90% of businesses hacked via old, unpatched exploits

Companies are paying the price for failing to follow basic security guidelines

Hackers have successfully attacked nine out of 10 businesses with exploits that are more than three years old, new research has revealed.

Two-thirds of attacks over the course of Q2 2017 were ranked as either high or critical severity, Fortinet's latest Global Threat Landscape report found, while 60% of businesses were hit by an exploit relating to a flaw dating back more than a decade.

Advertisement - Article continues below

"Something we don't talk about often enough is the opportunity everyone has to limit bad consequences by employing consistent and effective cybersecurity hygiene," said Fortinet CISO Phil Quade. "Cyber criminals aren't breaking into systems using new zero-day attacks, they are primarily exploiting already-discovered vulnerabilities."

"This means they can spend more of their resources on technical innovations making their exploits difficult to detect. Newer worm-like capabilities spread infections at a rapid pace and can scale more easily across platforms or vectors."

The data reaffirms an oft-repeated mantra within the security community, that if companies do not follow basic security hygiene guidelines, their business and their users will pay the price.

The report , which collects data from three million of Fortinet's network devices and sensors deployed in customers' live production environments, also confirmed that hackers are actively exploiting businesses' working hours, with the average daily volume of attacks doubling at weekends when IT and security staff are likely to be out of the office. This led to a total of almost 45% of all exploit attempts occurring on Saturday and Sunday.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Unsurprisingly, file-sharing applications were a common vector for security threats to enter organisations. Businesses that allowed employees to use a large number of peer-to-peer file-sharing applications reported seven times as many botnets and malware instances as those who did not, while proxy applications reported a nine-fold increase.

The number of exploits is also growing, increasing 30% compared to the first three months of 2017 to 1.8 billion daily attacks.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Recommended

Malware attacks using machine identities doubled in 2019
cyber security

Malware attacks using machine identities doubled in 2019

4 Aug 2020
Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020
British teenager charged over Twitter hack
hacking

British teenager charged over Twitter hack

3 Aug 2020
Mid-year report says vulnerabilities up 22% in 2020
hacking

Mid-year report says vulnerabilities up 22% in 2020

30 Jul 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do I fix the Windows 10 Start Menu if it's frozen?
operating systems

How do I fix the Windows 10 Start Menu if it's frozen?

3 Aug 2020