It is a common misconception that in order to secure a system, the most recent vulnerability discovered must be addressed and mitigated. Unfortunately, this idea frequently results in the waste of resources that could instead be applied to vulnerabilities that pose a risk.
There are hundreds, if not thousands, of different configurations of vulnerabilities in OT (operational technology) infrastructures, making it nearly impossible for teams to address them all without a thorough audit and comprehensive security plan. Teams frequently prioritize newly discovered ones as a result, but this can occasionally be a mistake.
This is due to the fact that recently found vulnerabilities are frequently comparable to “just one more bucket of water added to an ocean” of previously undetected vulnerabilities. These vulnerabilities can easily be overlooked, even with the most modern research teams and funding. Finding known vulnerabilities with known exploits that are being used actively or are at higher risk is much more beneficial.
In actuality, vulnerabilities that date back 10 or 20 years are those that are most likely to prove harmful to systems. These include flaws in outdated software like Windows XP and Windows 7, Adobe Flash players, unsecured remote access points, and contractor laptops with malware that are connected to process networks.
Concentrate on the system’s areas with the greatest risk. The number of vulnerabilities that can be mitigated with the available resources is the most practically significant security factor to take into account, disregarding the vibrancy of a newly discovered vulnerability. The systems will remain insecure if other, more recent vulnerabilities aren’t fixed and there isn’t a clear understanding of the current ones and a focus on reducing them.
In order to maintain a safe and secure system, teams must ultimately concentrate on the current vulnerabilities rather than just the most recent ones. It is much more likely to be successful in lowering risks to prioritize known vulnerabilities with exploits over new discoveries.