10,000+ Companies Continue to Voluntarily Download Vulnerable Software


Liberty Advisor Group

Of course, they do.

Because even as thousands of companies continue to figure out better ways to protect themselves and their customers, there are still many individuals (read: internal employees) who are making tactical mistakes and failing to protect their company and its data: Hackers just need that one mistake to be successful.

According to Fortune, “As many as 10,801 organizations, including 57% of the Fortune Global 100, have downloaded known-to-be-vulnerable versions of Apache Struts, the popular, open source software package that attackers targeted to loot Equifax, from March 2017 through February 2018, according to data from Sonatype, a Goldman Sachs-backed cybersecurity startup that tracks code pulled by software developers.”

This is exactly what the hackers expected. Simply put, hackers design exploit campaigns knowing poor corporate user security decisions will occur for months if not years after a fix is available. So far in 2018, this pattern has continued with hackers focusing more than 50% of all attacks against only 6 technologies.

Even though we often quickly know the causes of major breaches (and know how to stop them), you shouldn’t be surprised when the next story like this breaks; unsafe behaviors that have already allowed a breach end up repeated for months on end. Instead, you need to accept the reality of always-evolving cyber threats and become prepared for the next attack.

Easier said than done though, right? What is the solution? Companies need to expand their security bubble outward and analyze hackers’ activity well before the first inbound attack reaches the network perimeter. After all, if you understand the hackers’ tactics, techniques, and procedures, you will have a much better chance to know what is coming. It’s time to get proactive.

  1. Constantly monitor your external mappable network footprint to look for potential exposures
  2. Monitor and analyze indicators of reconnaissance well prior to an attack
  3. Start the conversation. Have all the different responsible parties talking to each other, all the time. Create the proper security plan that includes cross department information sharing.

Cyber attacks aren’t going away. Clearly, even known poor security decisions are getting repeated. But in most cases targets are chosen opportunistically. Harden your attack surface and hackers will move onto the next company because, after all, there are at least 10,801 more vulnerable targets already available to them.

Liberty Advisor Group can help your internal security teams achieve information dominance and enhanced protection via our contextualized threat intelligence solutions. We know how and where hackers plan their attacks across surface, deep and dark web; shouldn’t you know, too?


Liberty Advisor Group

Add insights to your inbox

Get the latest in leadership news delivered straight to your inbox with our weekly newsletter.