The Symantec Internet Security Threat report of 2014 released recently indicates that in 2014 6549 new vulnerabilities were reported as compared to 6787 in 2013.
Out of these, there were 891 Web Browser vulnerabilities which are a serious threat to ordinary Netizens.
As can be observed from the above table, the total number of vulnerabilities in the 5 major browsers declined from around 891 in 2012 to 591 in 2013 and again went up to 639 in 2014. Internet explorer recorded the highest number of vulnerabilities at 282 while Opera appeared to be the most secure browser.
Browser plug ins including Adobe Reader, Flash Player, Apple Quicktime, Microsoft Actve X as well as Firefox extensions and Java constituted additional vulnerabilities.
Inference is that using Opera web browser and avoiding plug ins could reduce the risks of being exploited by these vulnerabilities.
The study has also tried to track what it calls as ICS vulnerabilities. These represent the vulnerabilities with Industrial Control Systems including SCADA (Supervisory control and data acquisition) systems of the type attacked by Stuxnet virus in the past.
ICSs are typically used in industries such as electrical, water, oil, and gas. Based on data received from remote stations, automated or operator-driven supervisory commands can be pushed to remote station control devices.
This is of special interest to non IT manufacturing companies who have a huge stake in terms of exploitation particularly by Cyber terrorists. It is also of relevance to Secure Digital India where stakes are being placed on Smart Cities.
Siemens products continue to find a place in the list of such vulnerabilities along with Advantech WebAccess and Schneider electric products. A total of 35 such vulnerabilities have been disclosed in the report.
Industries using such products should pay special attention to these vulnerabilities and Cyber Insurers and CISOs also need to take special note of such vulnerabilities.