90% of businesses hacked via old, unpatched exploits

Companies are paying the price for failing to follow basic security guidelines

Hackers have successfully attacked nine out of 10 businesses with exploits that are more than three years old, new research has revealed.

Two-thirds of attacks over the course of Q2 2017 were ranked as either high or critical severity, Fortinet's latest Global Threat Landscape report found, while 60% of businesses were hit by an exploit relating to a flaw dating back more than a decade.

"Something we don't talk about often enough is the opportunity everyone has to limit bad consequences by employing consistent and effective cybersecurity hygiene," said Fortinet CISO Phil Quade. "Cyber criminals aren't breaking into systems using new zero-day attacks, they are primarily exploiting already-discovered vulnerabilities."

"This means they can spend more of their resources on technical innovations making their exploits difficult to detect. Newer worm-like capabilities spread infections at a rapid pace and can scale more easily across platforms or vectors."

The data reaffirms an oft-repeated mantra within the security community, that if companies do not follow basic security hygiene guidelines, their business and their users will pay the price.

The report , which collects data from three million of Fortinet's network devices and sensors deployed in customers' live production environments, also confirmed that hackers are actively exploiting businesses' working hours, with the average daily volume of attacks doubling at weekends when IT and security staff are likely to be out of the office. This led to a total of almost 45% of all exploit attempts occurring on Saturday and Sunday.

Unsurprisingly, file-sharing applications were a common vector for security threats to enter organisations. Businesses that allowed employees to use a large number of peer-to-peer file-sharing applications reported seven times as many botnets and malware instances as those who did not, while proxy applications reported a nine-fold increase.

The number of exploits is also growing, increasing 30% compared to the first three months of 2017 to 1.8 billion daily attacks.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

RATDispenser evades nine in ten anti-virus engines
Security

RATDispenser evades nine in ten anti-virus engines

24 Nov 2021
Hackers use Linux backdoor on compromised e-commerce sites with software skimmer
malware

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer

19 Nov 2021
Out-of-hours ransomware attacks have a greater impact on revenue
ransomware

Out-of-hours ransomware attacks have a greater impact on revenue

18 Nov 2021
Millions of routers and NAS devices vulnerable to BotenaGo malware
malware

Millions of routers and NAS devices vulnerable to BotenaGo malware

12 Nov 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

24 Nov 2021
Sabbath hackers are targeting US schools and hospitals
ransomware

Sabbath hackers are targeting US schools and hospitals

29 Nov 2021