With patching proving to be a critical weak area making organisations vulnerable to cyber attacks, a towering 78 per cent of organisations lack urgency, saying they fix vulnerabilities within 30 days.
Very few organisations were found to have the necessary zero-tolerance approach to leaving patches uninstalled after release, with just 15 per cent presenting this attitude.
A more substantial 46 per cent of organisations said that they would not be willing to wait longer than seven days before implementing a patch, still a worrying attitude with GDPR now at the door.
It is becoming increasingly clear that automation is vital to make a real difference in security prospects, with the threat landscape now bristling with danger and organisations failing to be proactive about patching.
In light of this, perhaps one of the most worrying findings of the Dimensional Research study presented by Tripwire is that just 17 per cent of organisations are automating tools for tracking down vulnerabilities.
Tim Erlin, vice president of product management and strategy at Tripwire, said: “Attackers will always go for the low-hanging fruit, the proverbial ‘unlocked door,’ over a more complex method of compromise. As long as these older vulnerabilities are present, they’ll continue to be exploited. Organizations should really be aiming to fix vulnerabilities on their systems as rapidly as is feasible… Any gap in applying a patch to a vulnerability provides an opportunity for hackers to access systems and steal confidential data.”
The research also found that there is a fairly even split in opinion regarding investment: 54 per cent believe an investment in people is of foremost importance, while 46 per cent said that technology is where spending should be focussed.
“If you don’t know what devices are on your network, you’re setting yourself up to fail in terms of securing it. For some organisations, doing this manually is just unrealistic and too challenging, which is why automated technology solutions exist to address this issue. Those who can identify these changes and additions to their networks within minutes will be in a much more comfortable position when it comes to security,” said Erlin.
This article is from the CBROnline archive: some formatting and images may not be present.