https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

MSP 501


Thorough More Important Than Speed in Patch Management Study says

‘Thorough’ More Important Than ‘Speed’ in Patch Management, Study Says

  • Written by Aldrin Brown
  • April 28, 2016
The 2016 Data Breach Investigations Report also found that phishing continues to be a dominant vector for cyber-attacks.

A steady, methodical approach to identifying and patching network vulnerabilities is more effective than trying to immediately address every component or device as soon as a patch is released.

That was among the recommendations in the Verizon 2016 Data Breach Investigations Report, which was released this week.

The annual analysis found that the top 10 known vulnerabilities accounted for 85 percent of successful exploits in 2015, and that a failure to patch older common vulnerabilities and exposures (CVEs) continues as a dominant factor in cyber-attacks.

“The tally of really old CVEs which still get exploited in 2015 suggests that the oldies are still goodies,” the report states. “Hackers use what works and what works doesn’t seem to change all that often.”

For this reason, cybersecurity best practices call for a regimen that emphasizes eventual, thorough patching, over speed.

“A methodical patch approach that emphasizes consistency and coverage is

more important than expedient patching,” the report says.

The survey also looked at the time from publication of the vulnerability and announcement of a patch, to the first observed successful exploit.

That analysis found that Adobe vulnerabilities are exploited on average just a few days after publication, followed by Microsoft at just over a week.

On the opposite end of the scale, Apple product vulnerabilities were exploited an average of more than 140 days after disclosure, while Mozilla proved most resistant, at more than 200 days.

“This provides us with some general guidelines on which softwared vulnerabilities to prioritize, along with some guidance on time-to-patch targets,” the report said.

The research also acknowledges an “often ignored” security constraint.

“Sometimes you just can’t fix a vulnerability – be it because of a business process, a lack of a patch, or incompatibilities,” the report said.

“At that point, for whatever reason, you may have to live with those residual vulnerabilities,” the document continued. “It’s important to realize that mitigation is often just as useful as remediation – and sometimes it’s your only option.”

Phishing, a social engineering threat vector favored by organized crime syndicates and state actors, again was the dominant method of cyber-attacks.

The data also found that despite increasing warnings, about 30 percent of phishing emails were opened by the target, while 12 percent of targets performed the vital second click of a malicious attachment or link that unleashes the malware into the network.

Very seldom are phishing emails reported to management, the study found.

“Approximately 3 percent of targeted individuals alerted management of a possible phishing email,” the report said.

The researchers recommend use of email filtering, monitoring of outbound traffic for suspicious connections and exfiltration of data, and regular training of employees to recognize phishing activity.

“Also, provide them with a means for reporting these events,” the study suggests. “We recommend a button on their taskbar, but whatever works for you.”

In all, this year’s study tallied 64,199 security incidents, defined as events that compromise the integrity, confidentiality or availability of an information asset.

There were 2,260 of the more-serious security breaches, in which there was a confirmed disclosure of data to an unauthorized party.

 

Send tips and news to MSPmentorNews@Penton.com.

Tags: MSPs MSP 501

Related


  • 501 Somewhere Logo
    It’s 501 Somewhere: Janet Schijns on Transformational Leadership
    Schijns talks about what it takes to be a true leader, transformational technology, and her three steps for success.
  • Digital workplace
    2020 MSP 501 Full Report
    An in-depth analysis of the managed services industry based on the world’s largest survey of MSPs, the MSP 501.
  • Business Diversity
    MSP 501 Profile: Monroy IT Services with a Minority's Perspective on the Channel
    Now that he thinks about it, everything makes perfect sense as to why George Monroy became a business owner.
  • Arrows made of clouds
    MSP 501 Profile: Middleground Technologies Reaps Cloud Benefits
    Cloud investment in 2019 helped lay a key foundation for 2020.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • MSP 501 Newcomer Award: Oosha Limited Comes of Age
  • MSP 501 — 2020 EMEA Survey & Report
  • MSP 501 Profile: Xamin on COVID-19 Challenges and Strategic Partnerships
  • MSP 501 Profile: Unique IT Pro on Simple Switches and Boosting Product Offerings

Galleries

View all

New, Changing Partner Programs: AWS, Tech Data, Avaya, Verizon

January 11, 2021

Industry Perspectives

View all

The Importance of Being Security-Centric

January 22, 2021

Cyberattacks: Threat Hunters Conquer Unpredictability with 3 Measures

January 21, 2021

The Right Data Migration Tool Helps Schools Move to Cloud During COVID Crisis

January 19, 2021

Webinars

View all

Who’s Behind the Mask? Hacker Personas Explained

January 26, 2021

Your Network Perimeter Has Changed

February 18, 2021

How Managed Hosting Providers Thrive with the Alternative Cloud

February 24, 2021

White Papers

View all

Why Subscription Business Model

January 15, 2021

The Ultimate MSP Guide to Sales Efficiency

January 14, 2021

Eight Reasons Why MSPs Need IT Industry-Specific Sales Tools

January 14, 2021

Upcoming Events

View all

Channel Partners Virtual

March 2, 2021 - March 4, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

.@exabeam, @VulcanCyber, @ntti3, @Vectra_AI, @Lookout and @valtixinc give high marks to @POTUS' federal… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

Judge sides with @AWScloud against #Parler; @SADAsystems gets AI-centric board member; @EnsonoIT, @navisite get… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

2021 may be the year of the #security-centric #MSP @BarracudaMSP #remoteworking #ITsecurity #dataprotection #RMM… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

Adding #AIOps and #AI-driven WANs will help IT administrators move forward, says @MistSystems.… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

Microsoft taps @tybryson as corporate VP @msuspartner group @julwhite heading to SAP, @anderson to @Qualtrics.… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

#MSPs can inject predictability into #threathunting @Sophos #cybersecurity #ransomware dlvr.it/Rr4ffV https://t.co/Bztc2Yxwvc

January 22, 2021
ChannelFutures

.@RiskBased report shows decrease in #databreaches, jump in exposed records in 2020. dlvr.it/Rr4fcW https://t.co/PYiDMiJFbt

January 22, 2021
ChannelFutures

Legal experts say @VMware's #lawsuit against @nutanix's new CEO holds little weight. dlvr.it/Rr48FJ https://t.co/oLxPhgvgAt

January 21, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X