Some systems ‘remain vulnerable for 3 years’ following attack

September 26, 2013

Companies that have been subject to an attack could wrongly believe that their systems are secure, when in fact they are still vulnerable to malicious activity.

This is according to a new report from experts at Kaspersky Lab and Outpost 24, who carried out a security audit on a variety of European organisations.

The team explained that many companies often strive to have all systems secured and back up and running within three months – but in reality this is not always possible.

In fact, 77 per cent of threats were found to still exist a year after being discovered and in some cases, three years following the event.

The main reason for this is that companies have not taken steps to ensure their vulnerability management, as unpatched problems can easily be exploited and have a widespread impact.

David Jacoby, senior security researcher at the Kaspersky Lab global research and analysis team, explained that hotels and privately-owned companies were more aware of security issues than government organisations.

He commented further: "From this first-hand experience, it is fair to conclude that there is a real problem.

"The security audit we performed is relevant for any country because that gap between the moment a vulnerability is detected and the moment it's patched exists everywhere, in every country."

As a means of testing security protocols, Mr Jacoby asked at the front desk of 11 organisations whether he could print out a document stored on a USB stick for an appointment at another venue.

Only one hotel out of three agreed to the request, while the privately-owned companies declined and four out of six government organisations did offer their assistance.

"The result of my USB stick experiment is also a wake-up call for those searching for tailored security solutions that cover the 'threats of tomorrow' – it highlighted that training your staff to be prudent is just as important!" Mr Jacoby commented.


Leave a Reply

Your email address will not be published. Required fields are marked *