The 2023 Verizon Data Breach Incident Report (DBIR) underscores the critical importance of robust, prompt, and automated patch management in maintaining cyber hygiene. Dave Hylender, the Senior Manager of DBIR at Verizon, highlighted the primary threat vectors that have proven most successful in breaching enterprise systems: stolen credentials, phishing attacks, and exploitation of vulnerabilities such as improperly configured systems or those left unpatched.
The report detailed the major cybersecurity occurrences throughout 2022, highlighting an alarming trend: each month saw one or more serious incidents resulting from unpatched vulnerabilities. In these instances, available patches were not deployed, resulting in either a data breach or another form of cybersecurity incident. Notably, the only deviation from this pattern was observed in December, which saw a decrease in such incidents.
According to the DBIR, the most exploited vulnerability was Log4j. The widespread use of Java contributed significantly to this trend, with organizations scrambling to locate and address any instance of the Log4j vulnerability within their enterprise systems. The report highlighted that a significant amount of scanning activity related to Log4j, around 32%, occurred within just 30 days following the release of the patch, suggesting a rapid response from enterprises to mitigate this particular threat.
“There was swift action from the community to spread awareness and patch all the different systems that had Log4j as a component,” said Hylender. “That surely helped avert a bigger disaster.”
The largest surge of Log4j scanning activity happened 17 days after the publication of the bug.
“Normally, it takes 49 days on average to deploy a critical patch,” said Hylender. “There was a cohesive response across the industry that resulted in quicker patching.”
Errors, Misconfigurations, and Web App Attacks – Oh My!
The DBIR also covered error-related breaches, which it categorizes as unintentional actions that directly compromise a system’s security. These can include misconfigurations, poor user practices, or even inadvertent disclosures. The 2023 DBIR noted that such errors have become a common source of data breaches, underscoring the need for robust security training and protocols within organizations. While they are down slightly from last year, they still represent a significant threat. The report further emphasized that error-related breaches are often overlooked yet can have devastating impacts, thus making it paramount for enterprises to address this vulnerability.
“During the year, we saw plenty of instances of mis-delivery of data and credentials, publishing errors, system misconfiguration, and programming errors,” said Hylender. “These mainly came from developers and system admins, and lots of personal data was exposed due to this.”
Basic web application attacks were another prominent factor in breaches. They consist of leveraging stolen credentials and vulnerabilities to gain access to organizational assets. Attackers then advance further into the enterprise, stealing information from emails or corrupting code.
“While these attacks aren’t complicated, they certainly are effective and have remained a relatively stable part of our dataset, which prompts us to discuss once again, the importance of multifactor authentication (MFA) and patch management,” said the report. “Unpatched vulnerabilities are still the bread and butter for many attackers, with 50% of organizations experiencing over 39 web application attacks this year.”
Efficient Patch Management: Enhancing Cybersecurity and Mitigating Risk with Syxsense
As Hylender candidly points out in the DBIR, the industry average for deploying a critical patch is 49 days. This duration, quite frankly, is unacceptably slow, providing ample time for cyber criminals to infiltrate the network, pilfer valuable data, and potentially hold the organization hostage.
Syxsense offers an efficient solution: automated patch management with real-time intelligence on the assets that require remediation. You can regularly scan your organization’s environment and understand your risk with a prioritized risk score. The platform can manage the entire patch lifecycle, from detection to installation and verification. Users can also customize patching rules based on their needs. When new critical patches are released, they can be tested and deployed safely and efficiently using the built-in automation and workflow features included in Syxsense Enterprise.
Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), stated it clearly in the DBIR appendix: “While some adversaries use advanced tools and techniques, most take advantage of unpatched vulnerabilities, poor cyber hygiene or the failure of organizations to implement critical technologies like MFA.”