When it comes to responding to vulnerabilities and cyberattacks, some businesses are way too slow to prevent serious damage.
This is according to a new report from pentest firm Cobalt.io, which claims that a quarter of firms take up to 60 days, if not longer, to address low- to medium-risk vulnerabilities.
To make matters even worse, there’s a small “but nonetheless notable segment” of companies (one percent) that don’t bother to remediate them at all.
Cobalt’s new paper, The State of Pentesting, argues that the longer it takes to respond to a vulnerability, the higher the risk. More than two-thirds of respondents (67 percent) believe their companies’ slow response to these vulnerabilities creates an even bigger problem.
Some organizations also fail to protect their full portfolios, making the gaps in their security postures even wider. On average, the report claims, respondents pentest roughly 63 percent of their portfolios, which results in teams struggling to detect everything that makes it past internal checks.
A significant number of firms (40 percent) say they don't have the money to cover all of it, while a whopping 86 percent of respondents have difficulty finding skilled pentesters. In many cases, the developer and security teams are rarely intertwined, meaning lower-risk findings stay exposed for longer and come up again at a later test.
"Our findings show that security teams consistently struggle to prevent and remediate cybersecurity vulnerabilities that have been well-known to the industry for decades," said Caroline Wong, Chief Strategy Officer at Cobalt.
"Organizations are OK with carrying this risk because it does not cost them anything to do so -- until it does. This is a big, risky problem that applies to organizations across many industry verticals."