Almost half of data breaches are caused by vulnerabilities that have been known about for between two and four years but have yet to be closed.
That’s according to the enterprise security arm of HP, which has published the 2015 edition of its Cyber Risk Report. The report examined cyber attacks and data breaches that occurred throughout 2014 to determine what caused them.
The report found that 44 per cent of known attacks exploited vulnerabilities that were two to four years old.
“While newer exploits may have garnered more attention in the press, attacks from years gone by still pose a significant threat to enterprise security,” reads the Cyber Risk Report.
“Businesses should employ a comprehensive patching strategy to ensure systems are up to date with the latest security protections to reduce the likelihood of these attacks succeeding,” it added.
Art Gilliland, senior vice president and general manager for enterprise security products at HP, said: “Our researchers saw that despite new technologies and fresh investments from both adversaries and defenders alike, the security realm is still encumbered by the same problems – even in some cases by the very same bugs – that the industry has been battling for years.
“Well-known attacks were still distressingly effective, and misconfiguration of core technologies continued to plague systems that should have been far more stable and secure than they in fact proved to be.
“We are, in other words, still in the middle of old problems and known issues even as the pace of the security world quickens around us.”
Gilliland went on to warn that organisations must ensure they follow basic security protocols, rather than hoping for one single solution to protect them against cyber attacks.
“We can’t lose sight of defending against these known vulnerabilities by entrusting security to the next silver bullet technology; rather, organizations must employ fundamental security tactics to address known vulnerabilities and in turn, eliminate significant amounts of risk,” he said.
The report also warns about the potential risks posed to enterprises by internet-connected devices such as smartphones and wearables.
“As physical devices become connected through the Internet of Things (IoT), the diverse nature of these technologies gives rise to concerns regarding security, and privacy in particular,” the report warned.
“To help protect against new avenues of attack, enterprises should understand and know how to mitigate the risk being introduced to a network prior to the adoption of new technologies,” it added.
Indeed, a previous study released by HP suggested the Internet of Things is brimming with security threats.