Zero Day Vulnerabilities Become the Clear and Present Danger
Zero Day Vulnerabilities Become the Clear and Present Danger
July 31, 2007: PatchLink’s customer survey has revealed most IT professionals consider zero-day vulnerabilities to be the most critical security concern facing organisations today.
Zero-day vulnerabilities are the top security concern for 54% of IT professionals, according to the results of a customer survey conducted by security and vulnerability management company PatchLink. Hackers are the second largest security concern with 35%, followed closely by malware/spyware with 34%.
Modern day attacks are becoming increasingly financially motivated, with highly sophisticated and customised malware becoming the norm. The latest attacks are "designed to exploit unpublished application vulnerabilities” said Charles Kolodgy, research director at IDC. Zero-day threats are considered particularly malicious because they exploit vulnerabilities in computer security holes which have no available solution.
The age old game of cat and mouse between security companies and hackers is showing no signs of letting up. The survey revealed 50% of respondents have 10 or more programs installed for security monitoring and operations.
The increasing threat faced by software flaws and vulnerabilities has seen a major increase in the reaction times of IT staff, with 29 percent of organisations deploying critical updates within two hours during 2007, compared to just 14 percent in 2006.
Whilst IT the reaction time improvements are a very good thing, the fact that upwards of 10 or more programs are needed to provide adequate protection is showing signs of just how out of control these threats are spiraling.