Security News > 2022 > September > Organizations should fear misconfigurations more than vulnerabilities

Through careful examination of which ports, services, and software are most prevalent on the internet and the systems and regions where they run, the research team discovered that misconfigurations and exposures represent 88% of the risks and vulnerabilities across the internet.

Researchers also conducted a holistic assessment of the internet's response to three major vulnerabilities - Log4j, GitLab and Confluence - to understand mitigation strategies based on how a vulnerability is perceived.

Three distinct types of behavior in response to vulnerability disclosures Near-immediate upgrading: Systems vulnerable to Log4j acted quickly based on the widespread coverage of the vulnerability.

Upgrading only after the vulnerability is being actively and widely exploited: While the GitLab vulnerability was being exploited, the remediation process acted slower than others until researchers discovered a botnet composed of thousands of compromised GitLab servers participating in DDoS campaigns.

The internet constantly evolves as new technologies emerge, vulnerabilities are discovered, and organizations expand their operations that interact with the internet.

Regardless of vulnerability type, providing organizations with the visibility and tools needed to strengthen their security posture introduces a proactive, more vigilant approach to digital risk management.

News URL

https://www.helpnetsecurity.com/2022/09/13/state-of-the-internet/