99% of vulnerabilities exploited will continue to be known security vulnerabilities
InfoSec policies are slow to implement, slow to audit, and rooted in practices that predate the shift toward automation and high velocity. As a result, they are arguably ineffective.
Estimates are that, through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.* Verizon’s Data Breach report shows that, for the last three years, more than 88% of observed exploits can be accounted for by only nine known vulnerabilities.**
*Gartner—Predicts 2016: Threat and Vulnerability Management
**Verizon—Data Breach Investigations Report 2017