© 2021 Tenable®, Inc. All Rights Reserved
Formula:
Δ = TtE – TtA
TtE = Time to Exploit Availability
TtA = Time to Assess
Why are organizations getting breached?
Tenable Research analyzed the time difference between when an exploit is made public and when the vulnerability is first assessed. They based the study on the 50 most prevalent vulnerabilities from nearly 200,000 unique vulnerability assessment scans.
76% of analyzed vulnerabilities have a negative delta. Attackers usually seize the first-mover advantage.
On average, attackers have a 7-day head start on defenders. The median delta was -7.3 days (5.5 days TtE - 12.8 days TtA).
For 34% of analyzed vulnerabilities (about 1/3), an exploit was available on the same day the vulnerability was disclosed.
1/4 of analyzed vulnerabilities were being actively exploited by malware, ransomware or exploit kits in the wild.
14% of vulnerabilities in the data are considered High Profile based on media coverage.
Vulnerability Disclosure
Between attackers’ access to exploits and defenders’ ability to assess and address them – who is winning? Let’s look at the numbers:
1. WomenCorporateDirectors and Marsh & McLennan Companies, 2018
2. Today’s State of Vulnerability Response: Patch Work Demands Attention, Ponemon Institute, 2018
Over the last year, there’s been a 15% increase in cyberattack volumes and a 23% increase in cyberattack severity. [2]
In the last 2 years, nearly 1/2 (48%) of businesses experienced a data breach. [2]
Cyberattackers in the lead? Here’s how to win the race.
Here’s the grim reality: Vulnerabilities and exploits are discovered daily. Once an exploit becomes public, the vulnerability’s risk factor shifts from hypothetical to real. That’s when the race between threat actors and security teams begins. And the stakes are high: The annual economic cost of cybercrime is an estimated $1.5 trillion. [1]
Because of vulnerabilities you don't see (yet)
Attackers are exploiting vulnerabilities before businesses even know they’re at risk.
Because of vulnerabilities you see
57% of breach victims said they were breached due to an unpatched known vulnerability. [2]
Pro Tip: If you scan often, you’re less likely to get breached. Companies that avoid breaches (vs breach victims): [2]
Rate their ability to detect vulnerabilities 19% higher
Rate their ability to quickly patch vulnerabilities 41% higher
How the race begins is a key indicator of how it will end. But it’s not game over.
The secret to winning the race? Detect vulnerabilities and patch them faster.
Don’t let manual processes and siloed tools slow you down. [2]
55% of orgs spend more time navigating manual processes vs responding to vulnerabilities
61% say manual processes put them at a disadvantage
62% say it’s hard to track whether vulnerabilities are being patched in a timely manner
65% say it’s hard to prioritize what to patch first
Pro Tip: Automate routine activities and break down process and data barriers to accelerate the patching process.
Learn key actions you can take now to get ahead:
Need to detect vulns faster? Read Quantifying the Attacker's First-Mover Advantage.
Need to patch promptly? Read Today’s State of Vulnerability Response: Patch Work Demands Attention.
[Figure: the race between attacker and defender after vulnerability disclosure, shown as 1st, 2nd and 3rd moves. Attacker: Obtain Exploit, Identify Targets, Exploit. Defender: Assess, Prioritize, Remediate.]