Nine in ten organisations globally were victims of security flaws that were three or more years old, notes Fortinet's 2017 Global Threat Landscape Report.
60% of organisations from around the world recorded security flaws that were over ten years old and remained unpatched.
Fortinet's 2017 Global Threat Landscape Report has revealed eye-opening details on the state of cyber security among organisations from around the globe. The report states that had organisations maintained effective levels of cyber hygiene or deployed security tools, they could have detected large-scale attacks like WannaCry and other ransomware attacks.
Those who survived the WannaCry attacks had either deployed security tools to detect such attacks or had applied patches from Microsoft as soon as they were made available.
However, not all organisations followed this practice and were thus victims of thousands of malware attacks that caused severe financial losses and disrupted operations. In the second quarter of this year alone, Fortinet identified 184 billion total exploit detections, 62 million malware detections, and 2.9 billion botnet communications attempts. Nearly 44% of all exploit attempts occurred on either Saturdays or Sundays.
Researchers at Fortinet added that while 90% of the security flaws were over three years old, 60% of them were first identified over ten years ago. This signifies how outdated systems are and how serious organisations are in patching their systems with the latest security fixes.
Businesses are also not consistently managing, updating or replacing vulnerable IoT devices of hyperconnected networks or existing software which is allowing hackers to gain the upper hand. Because of the lack of tolerance towards system downtime, applications, networks and devices are not being updated in proportion to existing security risks.
A large number of organisations also used peer-to-peer (P2P) applications and also allowed a lot of proxy applications, thereby endangering the security of their networks. It was observed that organisations using P2P applications reported seven times as many botnets and malware compared to those who didn't; and organisations allowing proxy applications reported almost nine times as many botnets and malware compared to those who didn't.
One of the few bright signs observed by Fortinet was that the use of HTTPS traffic compared to the old and unsecure HTTP traffic rose to 57%, thereby signifying that organisations are serious about the security of their communications over the web. However, IoT devices continue to be more vulnerable compared to traditional systems and over one in five organizations reported malware targeting mobile devices.
"Botnet attacks, whether used as denial of service attacks or as part of new botnet-based ransomworms like Hajime and Devil’s Ivy, are also reaching unprecedented levels. This is in large part due to the proliferation of highly vulnerable IoT devices. Q2 saw 2.9 billion botnet detections, representing an average of 993 daily detections per organization," said a blog post in Fortinet's website.
"Regularly scheduled patching, replacing older and outdated technology, and appropriately segmenting risky application and device traffic such as IoT and P2P, will go a long way towards reducing the potential attack surface and minimizing risk.
"But the rise in the sheer volume of data entering networks, combined with the increasing percentage of that data now being encrypted, means that many traditional security solutions and access points are simply not up to the task. IT teams need to take a hard look at the impact that analyzing volumes of encrypted traffic will have on the performance of their current security tools," it added.