All IT assets contain code that could be a potential vulnerability; however, the National Vulnerability Database found that around 24,000 out of 120,000 vulnerabilities have been weaponized. This is critical information when it comes to prioritizing which assets to protect.
CVSS, the Common Vulnerability Scoring System, is a set of metrics that provide insight into how difficult a vulnerability is to exploit and how much impact it would cause if exploited. Attackers do not clearly know what impact an exploit would have on an organization, so they will most likely go for the easiest exploits first.
While a specific IT system may be easy to target, it may not be valuable to the company, but this doesn’t mean you should ignore it either. Easy targets become another attack vector, because once the attacker enters the network using one system, it becomes easier to sneak around looking for another valuable target afterwards.
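As an added example (not code from the original page), the Python below derives the CVSS v3.1 exploitability and impact sub-scores from a vector string and orders findings with weaponized vulnerabilities first, then the easiest to exploit. The metric weights come from the public CVSS v3.1 specification; the asset names, the `value` and `weaponized` fields and the ordering rule are assumptions made for the illustration.

```python
# CVSS v3.1 base-metric weights from the public specification.
AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2}
AC = {"L": 0.77, "H": 0.44}
UI = {"N": 0.85, "R": 0.62}
PR = {"U": {"N": 0.85, "L": 0.62, "H": 0.27},   # scope unchanged
      "C": {"N": 0.85, "L": 0.68, "H": 0.5}}    # scope changed
CIA = {"H": 0.56, "L": 0.22, "N": 0.0}


def subscores(vector):
    """Return (exploitability, impact) sub-scores for a CVSS v3.x vector."""
    prefix, _, body = vector.partition("/")
    if prefix not in ("CVSS:3.0", "CVSS:3.1"):
        raise ValueError(f"unsupported vector: {vector!r}")
    try:
        m = dict(part.split(":", 1) for part in body.split("/"))
        expl = 8.22 * AV[m["AV"]] * AC[m["AC"]] * PR[m["S"]][m["PR"]] * UI[m["UI"]]
        iss = 1 - (1 - CIA[m["C"]]) * (1 - CIA[m["I"]]) * (1 - CIA[m["A"]])
    except KeyError as exc:
        raise ValueError(f"missing or invalid metric {exc} in {vector!r}") from None
    if m["S"] == "C":
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    else:
        impact = 6.42 * iss
    # Sub-scores are reported to one decimal place; impact never goes below 0.
    return round(expl, 1), round(max(impact, 0.0), 1)


def prioritize(findings):
    """Weaponized first, then easiest to exploit, then highest impact."""
    def key(f):
        expl, impact = subscores(f["vector"])
        return (not f["weaponized"], -expl, -impact)
    return sorted(findings, key=key)


# Constructed sample findings; every name and flag here is hypothetical.
FINDINGS = [
    {"asset": "billing-db", "value": "high", "weaponized": True,
     "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},
    {"asset": "wiki", "value": "low", "weaponized": False,
     "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},
    {"asset": "print-kiosk", "value": "low", "weaponized": True,
     "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},
    {"asset": "hr-portal", "value": "high", "weaponized": False,
     "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
]

if __name__ == "__main__":
    for f in prioritize(FINDINGS):
        print(f["asset"], f["value"], f["weaponized"], *subscores(f["vector"]))
```

In this constructed data the low-value `print-kiosk` ranks ahead of the high-value `billing-db`, because its weaponized flaw is far easier to reach.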
Once attackers find the easiest vulnerability to take advantage of, they will choose the appropriate tools to exploit it. It’s important to understand what types of weapons would be used against specific sets of vulnerabilities, because that helps you set up your defenses better.