On Not Fixing Old Vulnerabilities
How is this even possible?
…26% of companies Positive Technologies tested were vulnerable to WannaCry, which was a threat years ago, and some even vulnerable to Heartbleed. “The most frequent vulnerabilities detected during automated assessment date back to 2013-2017, which indicates a lack of recent software updates,” the report stated.
26%!? One in four networks?
Even if we assume that the report is self-serving to the company that wrote it, and that the statistic is not generally representative, this is still a disaster. The number should be 0%.
WannaCry was a 2017 cyberattack, based on an NSA-discovered and Russia-stolen-and-published Windows vulnerability. It primarily affects older, no-longer-supported products like Windows 7. If we can’t keep our systems secure from these vulnerabilities, how are we ever going to secure them from new threats?
Roman • March 9, 2021 7:22 AM
Positive Technologies is a Russian company (https://en.wikipedia.org/wiki/Positive_Technologies), probably they were testing Russian companies? It’s not clear from the original reporting (“The report consists of the company’s 19 most representative projects from 2019 and the first half of 2020.”)