In response to a recent report from Recorded Future, which revealed that seven of the top 10 vulnerabilities of 2017 exploited by phishing attacks and exploit kits utilised Microsoft products, Bill Lummis, Technical Program Manager at HackerOne commented below.
Bill Lummis, Technical Program Manager at HackerOne:
“The report shows that you can’t be narrowly focusing on just one exploit or just one attack vector. The best thing security administrators can be doing is improving their patch management processes for the software their users need to have installed, and removing the software they don’t need. The crimeware groups aren’t going to pick up their ball and go home just because one piece of software becomes harder to attack, so it’s important to think of the issue in terms of security best practices, rather than focusing too narrowly on specific avenues of exploitation.
What’s important is training employees to try and take security into their own hands, since they’re on the front line. Security experts in the modern enterprise have to constantly be learning, and staying on top of the news.”