Nearly a quarter of all businesses have fallen victim to a cyberattack because of unpatched vulnerabilities, a new report from Tripwire claims. This number rises even higher in Europe, to more than one in three.
Managing vulnerabilities, Tripwire says, starts with organisations being able to detect new hardware and software on their networks, fast. The majority do it fairly well, spotting new additions within minutes or hours. However, for many, this is a manual effort, and that’s where the trouble starts.
“Finding vulnerabilities is just a part of an effective vulnerability management program,” said Tim Erlin, vice president of product management and strategy at Tripwire. “It’s important for organisations to focus on building a program instead of deploying a tool. Vulnerability management has to include asset discovery, prioritisation, and remediation workflows in order to be effective at reducing risk.”
Most companies run scans to look for vulnerabilities in their attack surface, but not everyone addresses what they find. The use of authenticated scans is on the rise, which is good news, but more than a third (39 per cent) of organisations still aren’t scanning frequently enough.
The industry standard is once a week, Tripwire claims.
Roughly one in seven (16 per cent) of US organisations said they only conduct vulnerability scans to meet compliance or other requirements. This rate was higher for European organisations, at 21 per cent.
Half of organisations have enough bandwidth to focus only on vulnerabilities with a high disaster potential.