Terms like China, APT and Zero-Day are synonymous with Fear, Uncertainty and Doubt (FUD). The trouble is that, in our opinion anyway, these terms and respective news articles detract from the actual problem. For example, in 2011 only 0.12% of compromises were attributed to zero-day exploitation and 99.88% were attributed to known vulnerabilities. Yet, despite this fact the media continued to write about the zero-day threat as if it was a matter of urgency. What they really should have been writing about is that the majority of people aren’t protecting their networks properly. After all, if 99.88% of all compromises were the result of the exploitation of known vulnerabilities then someone must not have been doing their job. Moreover, if people are unable to protect their networks from the known threat then how are they ever going to defend against the unknown?
All of the recent press about China and their Advanced Persistent Threat is the same, it detracts from the real problem. More clearly, the problem isn’t China, Anonymous, LulzSec, or any other FUD ridden buzzword. The problem is that networks are not being maintained properly from a security perspective […]