Almost all software vulnerabilities have updates available.
According to the Security Intelligence Report from Microsoft, less than one per cent of exploits in the first half of 2011 were against zero-day vulnerabilities, while 90 per cent of vulnerabilities were known and had updates available from the software vendor for more than a year.
Compiling data from 600 million users in 105 countries, it also found that social-engineering techniques were employed in almost half (45 per cent) of all malware propagation.
Adrienne Hall, general manager of Microsoft Trustworthy Computing, told SC Magazine that if IT teams are having trouble managing security in their environment and their resources are stretched, then using the cloud for security is a positive step forward.
Hall said: “Twenty per cent of people we researched are thinking about the cloud, but what are they doing on privacy and governance of data? How are they running their systems and what are the workflow challenges? We believe that if they change their workflow and move to the cloud, that can change the IT management in their company.
“The fact that 90 per cent of the vulnerabilities had updates available are challenges for businesses in computing, so a move to cloud passes the responsibility to the cloud provider, who can manage updates. Some prefer to do their own updates, but others will be confident with outsourcing a level of security management.”
Brad Arkin, senior director of product security and privacy at Adobe, said: “The insight about global online threats, including zero-days, from this report helps our mutual customers better prioritise defences to more effectively manage risk. It also provides a good reminder on the importance of keeping systems up to date with the latest security protections.”