Businesses don’t feel they could stop or avoid a major data breach, like the one that hit Marriott recently, new research has found.
A report from the Ponemon Institute claims organisations are ‘specifically’ struggling with vulnerability management as a way to avoid breaches through unseen or unpatched systems.
One of the biggest challenges, the report claims, is patching and updating software regularly. The vast majority of respondents say their patching efforts are not effective.
Not having employees with the appropriate level of skill or education only adds insult to injury. More than two thirds believe their staff isn’t adequate.
On top of it all, unpatched systems get a huge volume of vulnerability alerts. Most organisations don’t have the time, nor the resources, to mitigate all vulnerabilities. Two thirds have said the “inability to act on the large number of resulting alerts and actions” is a big problem.
When it comes to the act of scanning for issues, most companies do it once a month, or even less frequently. Half of them scan only quarterly, or ad hoc.
But it’s not all doom and gloom in the report: there are a few tips that businesses can use to improve their security posture. Organisations that perform well on security say that the ability to automatically discover unmanaged assets helps a lot. Being able to analyse vulnerabilities in IoT, BYOD and third-party systems is also important, as is being able to analyse unpatched systems and other attack vectors.
“From this research, it is clear that most enterprises recognize not only are they under-resourced in finding and managing their vulnerabilities, but they also have gaps around assessing the risk and getting full visibility across their IT assets,” said Larry Ponemon, founder and chairman of Ponemon Institute, “which no doubt led to that low confidence vote in their ability to avoid a data breach.”