SANS Report Says Organizations Focusing On the Wrong Security Threats

yahoi writes "Companies around the world are leaving themselves wide open to Web- and client-side attacks, according to a new report released today by the SANS Institute that includes real attack data gathered from multiple sources. SANS found that most organizations are focusing their patching efforts and vulnerability scanning on the operating system, but they're missing the boat: 60 percent of the total number of attacks occur on Web applications, and many attacks are aimed at third-party applications such as Microsoft Office, and Adobe Flash and other tools. Exacerbating the problem, they're taking twice as long to patch Microsoft Office and other applications than to patch their operating systems."

Most type of exploit is 'other'

[symbolset]

Chart [sans.org](jpg) shows 92% 'other'.

From the "No Duh" department...

[spinkham]

Wait, let me get this straight... Attackers are going after the things that aren't getting fixed as quickly? Who would have guessed!

Re:We are just lucky I guess

[localman57]

Well, kudos to you (er, him!) for keeping everyone's computers up to date!

IE6

[godztempus]

Seriously big corporate needs to get off their asses and upgrade their internal web apps to run on IE7 or IE8 atleast.

Re:We are just lucky I guess

[Inda]

The cheque's in the post mate. Cheers.

Re:We are just lucky I guess

[Anonymous Coward]

awwww... someone has a man crush.

Re:We are just lucky I guess

[2names]

No, no, nooooo. I just appreciate him for his - uh - skills in the patch managem...dammit. If any of you douchers says "bromance" I'm kicking your ass. Now I'm off to the Monster Truck rally.