Operating Systems not the key security risk anymore
The SANS Institute is out today with a new Cyber Security Risks report. Among their top conclusions is the assertion that operating systems are not the biggest IT security problem.
Add-on applications and web application vulnerabilities, top SANS list for security vulnerabilities.
"Waves of targeted email attacks, often called spear phishing, are
exploiting client-side vulnerabilities in commonly used programs such
as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office," the report states. "This
is currently the primary initial infection vector used to compromise
computers that have Internet access."
This is not a surprising finding to me.
Users are not updating apps as often as they should, whether it's Adobe Flash or Apple QuickTime. Other security researchers have pointed out the same issue, time and again as well.
The other big issue is web application vulnerability, which again is something that is no surprise either.