Infosec experts are moving much more slowly than malware does, a new report suggests, and this puts plenty of companies at risk.
A new report by Bitdefender shows some numbers: More than half of infosec professionals, 57 per cent, will be aware of a large-scale public cyber threat, such as NotPetya or WannaCry, within the first 24 hours of it being discovered.
Another third, 32 per cent, will become aware in the first 25 to 48 hours. However, almost half (49 per cent) of infosec professionals say it would take their organisation more than 24 hours to patch a vulnerability. “Given the speed at which modern malware spreads, this simply isn’t quick enough, and leaves a host of large companies vulnerable.”
“I guess it’s not surprising that it’s taken another confidence-busting incident like WannaCry to begin turning the crank on organisational cyber maturity improvement — but in security it is usually only when something goes fundamentally wrong that business leaders realise something needs to change,” said Marc Lueck, CISO at Company85.
“As a CISO myself I’m really starting to see greater improvements in our reporting lines, all the way to the board, and our jobs are far better defined. I think over the next couple of years we’ll continue to see organisations dramatically improving their overall security posture — the risk of doing nothing is just too great.”
The report is based on a poll of 250 CIOs, CISOs and CSOs, and you can find it at this link.