Last week I talked about the single best thing you can do to prevent malicious attacks on your network: whitelisting. Unfortunately, a lot of people simply can't adopt whitelisting due to politics, operational needs, or both. I understand that.
So here's the second best thing you can do to reduce security risk: perfect patching.
[ Tune in to 5 true tales of (mostly) white-hat hacking. | InfoWorld's expert contributors show you how to secure your Web browsers in a free PDF guide. Download it today! | Learn how to protect your systems with InfoWorld's Security Central newsletter. ]
Most of today's malware works by exploiting holes in unpatched software. Specifically, most malicious attacks involve exploiting unpatched Internet-related software, including add-ins, browser helper objects, and so on. Unpatched Java is easily the most exploited vulnerability, accounting for 50 percent or more of all successful attacks -- and has held that leadership position since 2012. Prior to that, Java was No. 2 two behind Adobe Acrobat Reader.
It used to be that unpatched operating system vulnerabilities, specifically Microsoft Windows, led the way. Today, Windows isn't even in the top 10 of most exploited programs. One popular antimalware vendor has said that Windows and Internet Explorer together accounted for just 3 percent of all exploits last year, while Java and Acrobat Reader accounted for 78 percent. Does that stat shock you? It shouldn't. It's been that way for many years.
Think of how earth-shaking this should be for your company and your IT security processes. If you stay up to date on your patching for two measly programs, Java and Acrobat Reader, you can eliminate 78 percent of your risk -- amazing but true!