High-profile cybersecurity incidents continue to result from the simple mistake of leaving a known vulnerability unpatched. To understand how organizations are keeping up with vulnerabilities, Tripwire partnered with Dimensional Research to survey 406 IT security professionals about their patching processes.

Findings revealed that the majority (78 percent) fix all vulnerabilities detected on their network within 30 days of discovery, with 40 percent saying it usually takes less than 15 days. The survey also found that when a new vulnerability is discovered, only 15 percent believe it is unacceptable to wait any time at all for a patch to be installed on their systems once it has been released, while nearly half (46 percent) say they would be prepared to wait no more than seven days.

Tim Erlin, vice president of product management and strategy at Tripwire, reminds us of the dangers of organizations waiting to patch:

Attackers will always go for the low-hanging fruit, the proverbial ‘unlocked door,’ over a more complex method of compromise. As long as these older vulnerabilities are present, they’ll continue to be exploited. Organizations should really be aiming to fix vulnerabilities on their systems as rapidly as is feasible. Any gap in applying a patch to a vulnerability provides an opportunity for hackers to access systems and steal confidential data.

Survey respondents were split on the need to prioritize people vs. technology resources to mitigate today’s cyberattacks; 54 percent believe that an investment in people is needed most, while 46 percent said technology.

Vulnerability management begins with asset discovery, or creating an inventory of all known hardware and software installed on their networks. This this difficult to do manually at large organizations.  However, the survey revealed that only 17 percent of organizations have automated tools which enable them to identify the locations, department (Read more...)