That’s just a single tech platform, even if it is the one most used for enterprise productivity. ![]() The Microsoft Vulnerabilities Report 2021 estimated 1,268 of them were patched in 2020, up 48% over 2019. There’s a continuous flow of vulnerabilities that expose companies to ransomware. Old, unsupported software and systems for which patches are no longer released.Doubt among smaller companies that attackers would target them.Fear of unintended impacts from updates on systems and applications.Inability to hold departments accountable.Lack of coordination between the security and IT teams.Manual processes, including emails and spreadsheets, that let problems slip through the cracks.No common view of applications and assets across security and IT teams.No tolerance for the downtime required for patching.Time wasted chasing and remediating false positives.Reasons for delaying or forgoing patches include: Even where resources are available, “timely patching is difficult to achieve,” Ponemon says.Īt a human level, “few tasks in security are more tedious than vulnerability management,” Cisco reported from a survey of security professionals, calling patching one of the least well-implemented practices in the field. Many companies lack the needed technology, people and processes to keep up with the never-ending flow of patches from IT platforms and vendors. Ponemon estimated it can take 28 days to patch once a critical or high-risk vulnerability is detected on-premises, and 19 days if it is detected in the more centralized cloud environment. “Patching performance this year in organizations has not been stellar,” according to Verizon’s 2021 Data Breach Investigations Report. Still, 52% of professionals surveyed said they fear they are exposing themselves to ransomware by not keeping systems and applications patched. In the Osterman research, patching ranks second only to multifactor authentication as an effective tool against ransomware, cited for its ability to reduce undefended areas and decrease the likelihood of succumbing to an attack. Attackers may gain access to a network through a phishing email, for example, increase their level of administrative privileges and target unpatched assets to install programs such as ransomware. Some vulnerabilities may have existed for years before their discovery and patching, while others may be introduced in new software versions. The Problem with PatchingĪ patch is a new version of existing software that has been found to contain flaws - known as vulnerabilities if they can allow malicious activity. ![]() Separately, a report from the Ponemon Institute found 42% of companies that experienced a data breach blamed their own failure to apply a patch for a known vulnerability.
0 Comments
Leave a Reply. |