Most security professionals (78 per cent) look to fix all spotted network vulnerabilities within a month since they have been discovered, a new report by Tripwire and Dimensional Research says.
The report found that 78 per cent of security teams would patch a flaw within a month, raising worrying questions about what the remaining 22 per cent are doing.
The study of 406 professionals also found that 40 per cent look to patch things up within a fortnight, and fifteen per cent believe that once a vulnerability has been discovered, it is unacceptable to wait at all. Half (46 per cent) would be patient for a week, but no more.
“Attackers will always go for the low-hanging fruit, the proverbial ‘unlocked door,’ over a more complex method of compromise. As long as these older vulnerabilities are present, they’ll continue to be exploited. Organisations should really be aiming to fix vulnerabilities on their systems as rapidly as is feasible,” said Tim Erlin, vice president of product management and strategy at Tripwire.
“Any gap in applying a patch to a vulnerability provides an opportunity for hackers to access systems and steal confidential data.”
There is no clear consensus on what’s more important – people or technology, when it comes to mitigating attacks. Slightly more than half (54 per cent) think investing in people is more important. The rest (46 per cent) would say the same but for technology.
“Vulnerability management begins with asset discovery, or creating an inventory of all known hardware and software installed on their networks,” Tripwire says.
“This this difficult to do manually at large organisations.”
What’s important to add is that less than one in five (17 per cent) have automated tools helping them with identifying locations, departments and other important information about unauthorised hardware or software changes on the network.
Image Credit: ESB Professional / Shutterstock