According to a new report, time is everything when assessing and reacting to a cyberattack aimed at a business organization. It is common for attackers to gain and maintain the advantage if they can stay at least one step ahead of the defender, resulting in a window of exposure.
The report, titled Quantifying The Attackers First Move Advantage, measures the difference in days between when an exploit for a vulnerability becomes publicly available and when a vulnerability is first assessed. This is important since security professionals are engaged in a constant “arms race” with threat actors. In relation to vulnerabilities, this arms race is very much about attackers’ access to exploits and defenders’ ability to assess, remediate and mitigate them.
Attackers gain and maintain the advantage if they can stay at least one step ahead of the defender, resulting in a window of exposure. The survey's findings assess the difference in days between when an exploit for a vulnerability becomes publicly available and when a vulnerability is first assessed.
The report finds that attackers have a median seven-day window of opportunity to exploit a vulnerability before a defender is even aware they are vulnerable. This means acting quickly is key; however, not acting is common for most businesses. 76 percent of analyzed vulnerabilities across businesses had a negative delta, meaning the attacker has, in the overwhelming majority of cases, the first-mover advantage.
To counter this, the report recommends that businesses use continuous vulnerability assessments to effectively improve the ‘time to assess’. However, this activity cannot, by itself, fully mitigate the resulting exposure gap. Here, an effective vulnerability management program must be in place to quickly adapt and react to these changing circumstances. Addressing cyberattacks is a “whole of business” issue, impacting every team within an organization.
