10 industry-defining security incidents from the last decade

From Heartbleed to Apache Struts to SolarWinds, these are the 10 watershed security incidents of the past 10 years.

1 2 Page 2
Page 2 of 2
  1. Lack the ability to track and log various services running on a network
  2. Struggle to vouch for and apply patches to assets without disrupting workflow
  3. Are slow to react to discovered zero-days.

This is likely to take on greater significance given a sharp increase in zero-day exploits detected in 2021, Trustwave added.

Alex Rothacker, security research director at Trustwave Spiderlabs, tells CSO that organizations are constantly playing catch up to patch the latest vulnerabilities. “This is extremely challenging, especially for smaller organizations with limited or no dedicated staff. Even for larger organizations, there isn’t always a patch readily available. Take Log4j as an example. Most of the vulnerable Log4j versions are part of larger third-party software packages and many of these third-party vendors are still struggling to fully update their complex applications.”

What’s more, as time goes by, focus shifts to the next vulnerability, leading to older patches sometimes falling through the cracks, Rothacker adds. “The older a vulnerability, the more information is available about how to exploit it. This basically makes the vulnerability a low hanging fruit, requiring less skills for the attacker to take advantage of the known vulnerability. For sophisticated attackers, it is an easy target.”

Copyright © 2022 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 hot cybersecurity trends (and 2 going cold)