In the first half of 2018, analysts at computer security firm Risk Based Security (RBS) published 10,644 flaws in a computer system (known as vulnerabilities) that could be exploited by a hacker to take unauthorized actions within the system. Of the total number of vulnerabilities, there is no known solution for 25.6%.
Half the reported vulnerabilities can be exploited remotely and nearly a third (32.1%) have publicly available hacks (technically known as exploits). Web-related vulnerabilities accounted for just over 46% of the total for the first half of the year.
Brian Martin, vice-president of vulnerability intelligence for Risk Based Security, said:
The task of protecting digital assets has never been so critical to businesses as we continue to see a rise in compromised organizations and data breaches. Your vulnerability intelligence solution is a cornerstone of your defense strategy.
The RBS report indicates that 16.6% of the reported vulnerabilities received high or critical scores on a scale known as the common vulnerability scoring system (CVSS). The number of these types of flaws was down slightly year over year, however, the severity levels remain significant and require organizations to remain vigilant.
In the first quarter of 2018, the month of February posted both the most new vulnerabilities with the number of low-severity CVSS scores in the first half of the year and the highest number of critical vulnerabilities. RBS attributes the spike to more than 280 critical vulnerabilities patched in Samsung mobile devices.
About two-thirds of the vulnerabilities exposed in the first half of this year were due to insufficient or improper input validation, including, among other things, problematic cross-site scripting and shell command injection.
RBS notes that flaws of this kind demonstrate the difficulties software vendors face in validating untrusted input from users. The moral of the story is that companies can’t be too careful.
24/7 Wall St.Take This Retirement Quiz To Get Matched With A Financial Advisor (Sponsored)
Take the quiz below to get matched with a financial advisor today.
Each advisor has been vetted by SmartAsset and is held to a fiduciary standard to act in your best interests.
Here’s how it works:
1. Answer SmartAsset advisor match quiz
2. Review your pre-screened matches at your leisure. Check out the
advisors’ profiles.
3. Speak with advisors at no cost to you. Have an introductory call on the phone or introduction in person and choose whom to work with in the future
Take the retirement quiz right here.
Thank you for reading! Have some feedback for us?
Contact the 24/7 Wall St. editorial team.
Editors' Picks
