Security News > 2022 > June > Patchable and Preventable Security Issues Lead Causes of Q1 Attacks

Eighty-two percent of attacks on organizations in Q1 2022 were caused by the external exposure of a known vulnerabilities in the victim's external-facing perimeter or attack surface.

"These behaviors are considered 'risky' because the mitigation relies on an organization's continued security vigilance and willingness to enforce consistent standards over long periods of time," said Tetra Defense in the report.

According to Tetra Defense, the widespread awareness about the Log4Shell vulnerability minimize the active exploitation and was only the third most exploited external exposure accounting for 22 percent of total incident response cases.

The Tetra Defense revealed that nearly 18 percent of the events were caused by the unintentional action performed by an individual employee in the organization.

According to the reports by Tetra Defense, the median cost for an incident response engagement where external vulnerability was the RPOC is 54 percent more than the events where "User Action" was the RPOC. "Advocating for better patching practices has almost become a cliché at this point as it's common knowledge that it plays a major role in reducing cyber risk," Tetra Defense noted.

"To best prevent exploitation of external vulnerabilities, organizations need to understand their attack surface and prioritize patching based on risk, all while ensuring they have the defenses in place to protect their systems knowing that that will have obstacles that will prevent them from immediately patching vulnerable systems," Tetra Defense added.

News URL

https://threatpost.com/lead-causes-of-q1-attacks/180096/