According to a report by Edgescan, organizations still take nearly two months to remediate critical-risk vulnerabilities, with a mean time to remediate (MTTR) of 60 days across the full stack. High rates of “known” (i.e. patchable) vulnerabilities with live exploits employed by well-known nation-state and cybercriminal groups are not prevalent.
Significantly, 57 percent of all security vulnerabilities are more than two years old, with up to 17 percent being older than five years. All of these flaws are being used by known nation-state and cybercriminal organizations. Edgescan also found that an alarming 1.5 percent of reported unpatched vulnerabilities date back to 1999 and are almost 20 years old.
“Patching and maintenance are still a challenge, and so is detection. Attack surface management and visibility is paramount, and with our report, we aim to inform enterprises of the most common exposures,” said Eoin Keary, CEO of Edgescan.