
Security pros only look to patch vulnerabilities within 30 days

(Image credit: ESB Professional / Shutterstock)

Most security professionals (78 per cent) look to fix all spotted network vulnerabilities within a month of their discovery, a new report by Tripwire and Dimensional Research says.

The report found that 78 per cent of security teams would patch a flaw within a month, raising worrying questions about what the remaining 22 per cent are doing.

The study of 406 professionals also found that 40 per cent look to patch things up within a fortnight, and fifteen per cent believe that once a vulnerability has been discovered, it is unacceptable to wait at all. Half (46 per cent) would be patient for a week, but no more.

“Attackers will always go for the low-hanging fruit, the proverbial ‘unlocked door,’ over a more complex method of compromise. As long as these older vulnerabilities are present, they’ll continue to be exploited. Organisations should really be aiming to fix vulnerabilities on their systems as rapidly as is feasible,” said Tim Erlin, vice president of product management and strategy at Tripwire.

“Any gap in applying a patch to a vulnerability provides an opportunity for hackers to access systems and steal confidential data.”

There is no clear consensus on whether people or technology matter more when it comes to mitigating attacks. Slightly more than half (54 per cent) think investing in people is more important; the rest (46 per cent) say the same of technology.

“Vulnerability management begins with asset discovery, or creating an inventory of all known hardware and software installed on their networks,” Tripwire says.

“This is difficult to do manually at large organisations.”

Fewer than one in five (17 per cent) have automated tools that help them identify locations, departments and other important information about unauthorised hardware or software changes on the network.


Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.