According to a new report from Tetra Defense, the Root Point of Compromise (RPOC) for attacks against U.S. companies was external exposure. Patchable and preventable external vulnerabilities were found to be responsible for the bulk of all attacks.
- 82% of incidents responded to by Tetra Defense were caused by the external exposure of a known vulnerability on the victim’s network
- Incidents caused by unpatched systems cost organizations 54% more than those caused by employee error
- Log4J/Log4Shell is still being actively exploited, but the significant global attention of the vulnerability has prevented ongoing widespread exploitation
- Compromised credentials still account for a number of incidents, underscoring the need for more organizations to adopt multi-factor authentication (MFA) and implement dark web monitoring
“This cost discrepancy highlights the complexity of recovery from external vulnerability incidents and how failing to patch in a timely manner can be a contributor to a higher financial cost to an organization.”