eDiscovery Daily Blog

• June 24, 2019

There are plenty of reasons that organizations experience a data breach, including weak or stolen passwords (despite the availability of two factor authentication technology to thwart those efforts).  Here’s another common cause of data breaches: unpatched vulnerabilities in your software.

According to ZDNet (Cybersecurity: One in three breaches are caused by unpatched vulnerabilities, written by Steve Ranger – hat tip to Sharon Nelson’s excellent Ride the Lightning blog here), more than one in three IT professionals (34 percent) in Europe admitted that their organization had been breached as a result of an unpatched vulnerability according to a survey by security company Tripwire.  The overall average isn’t much better at 27 percent.

Why?  Software vendors are constantly publishing new patches to fix problems in software that they have sold. It’s then up to the users of the software to apply the patches – or else risk leaving themselves open to attack via the backdoors that the vendors failed to spot when building the product in the first place.

But the sheer volume of patches, with many vendors publishing new fixes on a monthly basis, and the need to test those patches to ensure that they don’t cause other unexpected problems, means that there’s often a delay in getting systems secured. That leaves a gap that hackers can exploit.

Finding the stuff that needs patching can be a challenge: 59 percent of respondents said they can detect new hardware and software on their network within hours, but it’s a difficult manual effort for many, with 35 percent saying less than half of their assets are discovered automatically.  As a result, nearly half (42 percent) of respondents take more than a week to deploy security patches in their environment.

And, there are often several patches to implement per month – 42 percent of respondents indicated that they patch at least 10 vulnerabilities per month, 15 percent said at least 50 per month, 6 percent said more than 100 per month.  Four out of five companies said they had stopped using a product because of a vulnerability disclosure.

The 2017 WannaCry ransomware attack was probably the clearest example of what can go wrong when patches aren’t applied; while a patch for the vulnerability exploited by the ransomware had existed for several months many organizations such as parts of the UK’s National Health Service had failed to use it.  Now, that really makes you wanna cry!

So, what do you think?  Are you aware of a data breach that occurred because of an unpatched vulnerability in the organization’s software?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.