Recent Trend Micro research points to a big problem in keeping legacy IT equipment patched. It found that nearly a quarter (22%) of exploits sold on the cybercriminal underground are more than three years old, indicating the scale of the threat from unpatched legacy vulnerabilities.
Trend Micro has thus urged organisations to focus patching efforts on the vulnerabilities that pose the greatest risk to their organisation, even if they are years old.
“Criminals know that organisations are struggling to prioritise and patch promptly, and our research shows that patch delays are frequently taken advantage of,” said Mayra Rosario, senior threat researcher for Trend Micro. “The lifespan of a vulnerability or exploit does not depend on when a patch becomes available to stop it. In fact, older exploits are cheaper and therefore may be more popular with criminals shopping in underground forums. Virtual patching remains the best way to mitigate the risks of known and unknown threats to your organisation.”