Exploit Wednesday Strikes Again

A few days ago Symantec reported a Word exploit in the wild just one day after Microsoft released the patch for the corresponding vulnerability. Rather unusually it was created using Word for Macintosh. Yet just a few months back McAfee claimed that “Exploit Wednesday” was a myth, pointing out that hackers simply don’t stockpile exploits waiting for the release of a patch. Perhaps they do. Or perhaps vendors have taken to stockpiling announcements.

But arguing about the current motives and habits of hackers is beside the point. The threat changes all the time. It can go up or down in any month. The real trend to note is that our exposure continues to get worse. Exploits are increasingly likely to strike before you get to roll out your patches. And the consequence is that we need to tighten up security around critical applications and infrastructure. Baseline security measures are no longer sufficient to protect valuable corporate assets. Organisations must identify, prioritise and place additional layers of security around their Crown Jewels. Because corporate infrastructures are becoming as open to attacks as the Internet itself.