In May 2019, Verizon Enterprise released the 12^th edition of its Data Breach Investigations Report (DBIR). Researchers analyzed a total of 41,686 security incidents, of which there were 2,013 data breaches, for the publication. More than half (52 percent) of those reported breaches involved some form of hacking.

The report listed the most prominent hacking variety and vector combinations, with “vulnerability exploitation” making the top three. As this has continued to remain a long-standing problem over the years, how are organizations addressing vulnerabilities today?

To answer that question, Tripwire partnered with Dimensional Research to survey 340 information security professionals about trends in vulnerability management (VM).

A Lack of Focus on Managing Vulnerabilities

Tripwire’s study revealed that many organizations could be doing more to manage their vulnerabilities. Supporting this conclusion, 27 percent of survey participants said their employer had suffered a data breach as the result of an unpatched vulnerability. The rate was even higher for European organizations at 34 percent.

It’s not that organizations have no means of recourse, however. They can reduce significant cybersecurity risk with a strategic vulnerability management program. This starts with obtaining visibility of their attack surface. This requires the ability to detect new hardware and software that connect to the network.

Speed is key when it comes to network visibility. Unfortunately, many survey participants disclosed that their employers didn’t have it. More than a fifth (21 percent) of IT security professionals told Tripwire that it took their organizations a matter of days to detect new IT assets. For 10 percent, it was months or longer, while 11 percent admitted that their employer lacked the ability to discover new hardware and software altogether.

Tim Erlin, vice president of product management and strategy at Tripwire, said this lack of asset discovery capabilities is a problem (Read more...)