Once a vulnerability is announced, the average attacker has a seven-day window of opportunity to exploit the flaw before a defender is even aware they are vulnerable, according to report from Tenable.
Researchers looked at the difference in time between when an exploit is publicly available for a given vulnerability and the first time that a vulnerability is assessed and found the attacker has the first-mover advantage 76 percent of analyzed vulnerabilities, according to the firms Quantifying The Attacker's First-Mover Advantage report.
Researchers analyzed the 50 most prevalent critical and high-severity vulnerabilities from nearly 200,000 vulnerability assessment scans over a three-month period in late 2017.
During which time, the median time to exploit a vulnerability was 5.5 days compared to a median time to assess of 12.8 days needed to assess the flaw fiving attackers their week long head start.
More often than not, the attackers had advantage and in 34 percent of the analyzed vulnerabilities, an exploit was available on the same day that the vulnerability was disclosed and in 24 percent of analyzed vulnerabilities were being actively exploited by malware, ransomware or exploit kits in the wild.
Once vulnerabilities are announced it's the defender's job to assess whether or not the vulnerability affects their organization via a vulnerability scan, then prioritize and remediate patches.
In order to cut back on cybercriminal's head start, researchers recommend users focus on improving their Time to Assess.
“While improving the Time to Assess by 75 percent would result in a positive delta for 66 percent of the analyzed vulnerabilities, the rapid Time to Exploit Availability and its weaponization mean that defenders often begin on a back footing and are challenged to gain the lead in the first move,” the report said.
Researchers also recommend firms focus their remediation and prioritization efforts on vulnerabilities with publicly available exploits and those actively being targeted in the wild. Defenders should also have an effective vulnerability management program that is able to quickly adapt and react to changing circumstances.
This requires the continuous vulnerability assessments to effectively improve the time to assess vulnerabilities, proactively addressing predictable risks, and rapidly reacting to unanticipated and emerging new ones.