A report by the Ponemon Institute takes a closer look at one of the cybersecurity areas organizations continue to have challenges with: patching vulnerabilities. While the study reveals that businesses are planning to hire more cybersecurity staffing resources to help with vulnerability response, the solution needs to go beyond that to truly beat this ongoing issue.
One of the major problems companies have with patching involves broken patching processes. The study finds that:
- 55% of these organizations spend more time navigating manual processes than responding to vulnerabilities.
- Security teams lose an average of 12 days manually coordinating patching activities across teams.
- 65% of organizations find it difficult to prioritize what needs to be patched first.
- 61% of security teams find that manual processes put them at a disadvantage when patching vulnerabilities.
- Organizations spend 321 hours (the equivalent of about eight full-time employees) a week on average to manage the vulnerability response process.
Even if organizations hire more security staff the problems they face with patching vulnerabilities aren’t in the numbers; not to mention that adding cybersecurity talent may be a problem seeing as the expected shortage of that talent will reach 2 million by 2019, according to ISACA.
If businesses are going to fix their patching problem they need to find ways to detect and patch vulnerabilities quickly. While automation tools and technology can help, organizations can’t rely on automation alone seeing as hackers are studying those same tools and tech to get inside an organization’s network.
The best thing organizations can do to resolve their issues with patching vulnerabilities is to set up a holistic cybersecurity posture. The reason for a well-rounded posture is that it helps with the coordination across teams, departments and staff; which in turn reduces the time to respond (one of the first issues with patching vulnerabilities). When you get everybody on board beforehand you find a prepared team when havoc strikes.
Even though patching vulnerabilities may seem straightforward this isn’t the case when 57% of organizations that were breached were successfully infiltrated due to a vulnerability for which a patch was already available.
When businesses stop looking for band-aid solutions to cybersecurity they can set up a foundation that helps their existing security team to be effective when it comes time to patch vulnerabilities.
Let’s talk about your cybersecurity posture to get in front of patching vulnerabilities.
Photo Courtesy of FuzzBones