By Dave Bailey
16 March 2010
Medium- and lower-risk flaws are being used more by hackers to penetrate
enterprise networks, due to firms taking longer to patch them.
Security experts have warned businesses that hackers are moving their
focus from flaws designated as high risk by software vendors to flaws
normally seen as lower risks.
Lloyd's of London chief information security officer Marcus Alldrick
said, " [Hackers] are not going for the normal high risk flaws, they're
going for the medium risk ones. In the patch management cycle, the
medium risk flaws are being patched later."
That delay in patching is also being exacerbated by hackers combining
the lower-risk flaws to create so-called blended threats, explained BT
global head of business continuity, security & governance practice Ray
By combining two lower-risk flaws, hackers can cause high-risk threats
to an organisation.
Register now for HITBSecConf2010 - Dubai, the premier
deep-knowledge network security event in the GCC,
featuring keynote speakers John Viega and Matt Watchinski!