Our lead data scientist Michael Roytman just participated in a fun podcast called Cybercrime & Business, in which he discusses one of the biggest challenges around vulnerability management: the time it takes organizations to remediate vulnerabilities, or the remediation gap.
Michael talks about his research and how even “conservative” estimates found that the window of opportunity for many exploits remains significant:
- On average, it takes businesses 100-120 days to remediate vulnerabilities.
- At 40-60 days, the probability of a vulnerability being exploited reaches over 90 percent, indicating that most successfully exploited vulnerabilities are likely to be exploited in the first 60 days. The gap between the point at which a vulnerability is likely to have been exploited and the point at which it is closed is around 60 days.
- As of August 1, 2015, there have been a total of 1,272,152,215 successful exploits this year from a sample size of approximately 50,000 organizations. This compares with 219,951,631 exploits in 2013 and 2014 combined.
“The gap that we’re looking at is getting much bigger, and I think that is happening because attackers are getting really, really good at automated attacks,” Michael points out.
The full podcast is here (Michael’s section starts around 15:30):