Malware Remains Top Cause of Cybersecurity Incidents

By

See insights from the recent security report from Orange Cyberdefense.

Malware was responsible for 40 percent of confirmed cybersecurity incidents in 2022, as measured by Orange Cyberdefense and detailed in a recent report. According to the Security Navigator 2023 report, "Network & Application Anomalies" was the second highest incident type at 19 percent, followed by "System Anomalies" at 11.5 percent.

The report also states that "large" organizations (>10,000) had five times more confirmed incidents than small or medium-sized organizations. "In total large organizations were responsible for 72 percent of the confirmed incident count in 2022."

The free, 64-page report details threats by type, industry vertical, and geographic region, along with responses and insight about how to protect your organization. This information, says Laurent Célérier, helps "identify the underlying trends that are being confirmed (for example, the untenable pressure of vulnerabilities, with an average patching time that we observe to be 215 days), the technical and geographical evolutions (particularly in terms of ransomware), but also to study the scope and impact of the major events that marked the past year, whether geopolitical (war in Ukraine) or technical (Log4j crisis)."

Specifically, the report's vulnerability scan data shows that:

  • 28% of all findings are addressed in less than 30 days.
  • 72% of all findings take 30 days or more to patch.
  • 52% of all findings take 90 days or more to patch.
  • The average age of findings is 215 days.

Regarding vulnerability management, the report also notes that "an average of 50 new vulnerabilities are discovered every day so … it's impossible to patch them all." What's important, says Mélanie Pilpré, is "focusing on the real risk using vulnerability prioritization to correct the most significant flaws and reduce the company's attack surface the most."

01/16/2023

Related content

  • News for Admins
    In the news: StarlingX 8.0 Edge Platform; Synopsys Report Shows "Alarming" Increase in High-Risk Vulnerabilities; Akamai Connected Cloud; Red Hat Enterprise Linux Available on Oracle Cloud; Wine 8.0; LibreOffice 7.5; Veracode Report Tracks Security Flaws Over the Application Lifecycle; and Malware Remains Top Cause of Cybersecurity Incidents.
  • News for Admins
    In the news: NIST Updates Cybersecurity Framework; Poor Cloud Security Practices Put Organizations at Risk; ORNL and NOAA Launch New Supercomputer for Climate Research; DOE Envisions New High Performance Data Facility; VMware Updates Tanzu with New Security Features; Microsoft Launches AI-Powered Security Copilot; IBM Deploys First Quantum Computer Dedicated to Healthcare Research; LPI Announces IT Security Essentials Certification
  • Prepare Now for New Cybersecurity Regulations
  • Vulnerability assessment best practices for enterprises
    A vulnerability assessment is an important step toward protecting an organization's critical IT assets.
  • News for Admins
    In the news: US Agencies Issue Quantum-Readiness Recommendations; Bitwarden Secrets Manager; IBM X-Force Releases Detection and Response Framework for Managed File Transfers; National Strategy to Expand US Cyber Workforce; SEC Adopts New Rules for Disclosure of Cybersecurity Incidents; Canonical Announces Real-Time Ubuntu for Intel Core; EU-US Data Privacy Framework Ensures Safe Data Transfers; IEEE Releases New Standard for LiFi Communications; EU Health Sector Security Risks; and JupyterLab 4.0.
comments powered by Disqus