Although a cyber security culture is (fortunately) spreading, discussions among industry insiders tend to centre on advanced topics: advanced persistent threats (APTs), spear phishing, targeted attacks, nation-state cyber weapons, and so on. The effects of attacks that exploit widespread, long-known and overlooked vulnerabilities are rarely taken into consideration. Yet these attacks are by far the most frequent, and their results can be just as disastrous as those of the more sophisticated techniques. Once the damage to a company's reputation and the fines imposed under existing regulations (the General Data Protection Regulation, for example) are taken into account, it is not hard to see how an incident caused by a very trivial weakness, such as a missing Windows patch or weak credentials on a company's e-commerce site, can be incredibly harmful.
Not surprisingly, the recent National Cyber Security Centre report "The cyber threat to UK business 2017-2018" condemns the widespread presence of unpatched software across public- and private-sector systems in the U.K., "highlighting the importance of basic…