Cybercriminals have a median seven-day window of opportunity during which they can exploit a vulnerability to attack their victims, potentially siphoning sensitive data, launching ransomware attacks and causing extensive financial damage before organizations even take the first step to determine their cyber exposure and whether they are at risk.
According to a new Tenable report, it takes a median six days for a cybercriminal to weaponize vulnerabilities once a new public exploit first becomes available. However, security teams can take a median 13 days before launching their initial assessment for a new vulnerability — the first, crucial step in determining overall cyber exposure in modern computing environments. The resulting seven-day lag time means that cybercriminals can attack their victims at will while security teams and their organizations remain in the dark as to the true level of risk to the business.
Digital transformation has radically increased the number and type of new technologies and compute platforms – from Cloud to IoT to Operational Technology – and led to a dramatic growth in the attack surface. Inevitably, this expanding attack surface has given rise to an unrelenting barrage of vulnerabilities.
Read more at HelpNetSecurity.