Malware Remains Top Cause of Cybersecurity Incidents

By

See insights from the recent security report from Orange Cyberdefense.

Malware was responsible for 40 percent of confirmed cybersecurity incidents in 2022, as measured by Orange Cyberdefense and detailed in a recent report. According to the Security Navigator 2023 report, "Network & Application Anomalies" was the second highest incident type at 19 percent, followed by "System Anomalies" at 11.5 percent.

The report also states that "large" organizations (>10,000) had five times more confirmed incidents than small or medium-sized organizations. "In total large organizations were responsible for 72 percent of the confirmed incident count in 2022."

The free, 64-page report details threats by type, industry vertical, and geographic region, along with responses and insight about how to protect your organization. This information, says Laurent Célérier, helps "identify the underlying trends that are being confirmed (for example, the untenable pressure of vulnerabilities, with an average patching time that we observe to be 215 days), the technical and geographical evolutions (particularly in terms of ransomware), but also to study the scope and impact of the major events that marked the past year, whether geopolitical (war in Ukraine) or technical (Log4j crisis)."

Specifically, the report's vulnerability scan data shows that:

  • 28% of all findings are addressed in less than 30 days.
  • 72% of all findings take 30 days or more to patch.
  • 52% of all findings take 90 days or more to patch.
  • The average age of findings is 215 days.

Regarding vulnerability management, the report also notes that "an average of 50 new vulnerabilities are discovered every day so … it's impossible to patch them all." What's important, says Mélanie Pilpré, is "focusing on the real risk using vulnerability prioritization to correct the most significant flaws and reduce the company's attack surface the most."

01/16/2023

Related content

  • News for Admins
    In the news: StarlingX 8.0 Edge Platform; Synopsys Report Shows "Alarming" Increase in High-Risk Vulnerabilities; Akamai Connected Cloud; Red Hat Enterprise Linux Available on Oracle Cloud; Wine 8.0; LibreOffice 7.5; Veracode Report Tracks Security Flaws Over the Application Lifecycle; and Malware Remains Top Cause of Cybersecurity Incidents.
    more »
  • News for Admins
    In the news: NIST Updates Cybersecurity Framework; Poor Cloud Security Practices Put Organizations at Risk; ORNL and NOAA Launch New Supercomputer for Climate Research; DOE Envisions New High Performance Data Facility; VMware Updates Tanzu with New Security Features; Microsoft Launches AI-Powered Security Copilot; IBM Deploys First Quantum Computer Dedicated to Healthcare Research; LPI Announces IT Security Essentials Certification
    more »
  • Prepare Now for New Cybersecurity Regulations
    more »
  • Photo by Fancycrave on Unsplash
    Vulnerability assessment best practices for enterprises
    A vulnerability assessment is an important step toward protecting an organization's critical IT assets.
    more »
  • News for Admins
    In the news: DHS Releases New Guidelines for Securing Critical Infrastructure; Datadog Report Examines DevSecOps Best Practices; Upskilling Key to Tech Staffing Challenges, Says LF Survey; 2024 Open Source Pros Job Survey Report Released; OpenSSF Issues Guidance to Help Prevent Social Engineering Attacks; Black Duck Supply Chain Edition Released by Synopsys; Spectra Logic Announces New Tape Libraries and Management Software; LPI Launches Open Source Essentials Program; Apache Software Foundation Celebrates 25 Years; SUSE Announces Rancher Prime 3.0; NSA Issues Zero Trust Guidelines for Network Security; and NIST Releases Major New Version of Cybersecurity Framework.
    more »
comments powered by Disqus