Verizon: Patch old vulnerabilities or be exploited

security key on keyboard

Companies are failing to protect themselves from malware because they're ignoring security patches that have been available for years, Verizon claimed.

An overwhelming 99.9 per cent of vulnerabilities exploited in 2014 were attacked at least a year after a patch was first published.

This is according to the firm's Data Breach Investigations report, which used information on 20,000 firms from threat management platform Risk I/O to find that most vulnerabilities dated from 2007 eight years ago while some came from as far back as 1999.

"The tally of really old common vulnerabilities and exposures suggests that any vulnerability management program should include broad coverage of the oldies but goodies'," the report read. "Most attacks exploited known vulnerabilities where a patch has been available for months, often years."

Hackers are also getting past companies' antivirus tools far too easily, simply by modifying a few lines of code each time they use an attack in order to change the identifying signature such products look out for. According to Verizon, this accounted for up to 90 per cent of 170 million malware attacks.

The company also analysed 200 cyber liability insurance claims to try and estimate the average cost of a breach but the results varied wildly.

It claimed the cost per 100 records leaked is $254, but said that it could be anywhere between $3,000 and $1.5 million per 1,000 records.

The report said it depends on the type of data lost amid other factors, adding that "the costs of a breach can far outweigh the effort and resources required to keep your business secure."