Why you don’t have to fix every vulnerability
Image by Thinkstock
The word “vulnerability” typically comes with a “must fix now” response. However, not all vulnerabilities should be treated equally because not all of them pose a risk. It all depends on what the data represents. In fact, some vulnerabilities are OK to deprioritize, depending on associated threats and the value of the asset at risk. For example, a lock on a 20th floor window of a building is not as important as one on the ground level, unless the contents of the room are so valuable that a thief would take the effort to access such an unreachable place. Scans reveal thousands of vulnerabilities across all assets – networks, applications, systems and devices – but they do not show which ones could lead to a damaging compromise if not fixed immediately. It is not about ignoring vulnerabilities; it is about prioritizing how you apply your resources to remediate them. Bay Dynamics provides some examples of vulnerabilities that are OK to put on the back burner.
To read this article in full or to leave a comment, please click here
Read more: Why you don’t have to fix every vulnerability
More antivirus and malware news?
- More IoT insecurity: The surveillance camera that anyone can log into
- Microsoft’s new browser, Spartan, gets detailed in a plethora of new images
- Pwn2Own WhatsApp Hacker Says Exploit Privately Disclosed to Meta
- Newly Patched MS Word 0-Day Heuristically Detected by Deep Discovery
- Cyberattack Hits New Zealand Budget
- Microsoft Patch Tuesday: Just two critical fixes but they affect a lot of Windows systems
- "Dust Storm" Attackers Target Japanese Critical Infrastructure
- Do you find passwords too darn hard? Then poetry’s your hidden card!
- Facial recognition: it’s much more widespread than you might think
- Microsoft Windows CVE-2018-8136 Remote Code Execution Vulnerability