
KnowBe4: Patching is Vital for Cyberdefense. What’s the Other Key?

June 2, 2023

By Mike Walters

I recently stumbled upon an insightful piece penned by Roger Grimes of KnowBe4 on Spiceworks: The Two Best Things You Can Do to Protect Yourself and Organization. KnowBe4 is the world’s first and largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering.

One of the standout points in Grimes’ article was: “Social engineering plays a role in 50% to 92% of successful attacks, and the exploitation of unpatched software and firmware contributes to 20% to 40%.” From this perspective, it’s evident that the primary root causes of a majority of successful cyberattacks are social engineering and the exploitation of unpatched vulnerabilities. Yet, it’s alarming to note that organizations on average allocate less than 5% of their IT budget to tackle these threats.

Intriguingly, these two techniques—social engineering and vulnerability exploitation—are often employed in conjunction. A perfect illustration is an email that uses social engineering to convince a user to download a malicious payload, thereby initiating an attack exploiting an unpatched vulnerability. This is consistent with Kevin Mandia’s view on vulnerability exploitation and reinforces the exploitation statistics by KnowBe4.

Key takeaways:

  • Countering social engineering requires a multi-faceted approach, including policies, user training, content filtering, and more. To get an in-depth understanding of how best to combat social engineering, refer to KnowBe4’s comprehensive guide: https://blog.knowbe4.com/new-e-book-comprehensive-anti-phishing-guide
  • Aggressively patch any software and firmware vulnerabilities as these are often exploited by malicious entities to cause havoc.

What are you doing to combat these two most common root causes of cyberattacks? Let’s discuss this on the Action1 subreddit or Action1 Discord.

About Action1

Action1 is the #1 risk-based patch management platform for distributed enterprise networks trusted by thousands of organizations globally. Action1 helps to discover, prioritize, and remediate vulnerabilities in a single solution to prevent security breaches and ransomware attacks. It automates patching of third-party software and operating systems, ensuring continuous patch compliance and remediation of security vulnerabilities before they are exploited.
