Zero day targeted threats - don't panic if they are targeted?

According to a IT Knowledge Exchange article, we shouldn't panic because a zero day threat in software that almost every enterprise has installed are not spreading rapidly and are in most cases targeted.

Arent' these exactly the threats that we should be worried about? In fact I would argue that for every 0-day threat reported there are five more unreported. And in cases where the attacks are motivated (targeted) there is likely a greater probability of loss.

In my opinion the criteria we use to gauge the risk related to vulnerabilities shouldn't include how noisy and fast the infection rate is, but instead look at the impacts and probabilities of being targeted.


Popular Posts