A new report from Action1 Corporation has revealed that at least 20% of enterprise endpoints still have legacy security vulnerabilities. The survey, based on feedback from over 800 IT professionals, highlights the critical gaps in vulnerability management that continue to be overlooked by executive leadership teams.
The report also showed that low cybersecurity awareness among employees has become a more pressing issue over the past year, with IT teams struggling to combat the problem. Furthermore, 10% of organizations suffered a breach in the last 12 months, with almost half of these breaches resulting from known security vulnerabilities.
Key findings of the report:
- Time to combat low cybersecurity awareness among employees has increased over the past year.
- 10% of organizations suffered a breach over the past 12 months, with 47% of breaches resulting from known security vulnerabilities; phishing was the most common attack vector reported by 49% of respondents; 54% of victims had their data encrypted by ransomware.
- IT teams rank the lack of support from the executive team for cybersecurity initiatives as the key threat to cyber resilience. Many IT teams also face operational issues that leave no time for cybersecurity.
- 30% of organizations take more than a month to detect known vulnerabilities.
- 38% of organizations fail to prioritize security flaws, while 40% take more than a month to remediate known vulnerabilities (of them, 24% take more than 3 months).
- On average, 20% of endpoints remain continuously unpatched due to laptop shutdowns or update errors.
Lack of Support from Executives Cited as Key Threat to Cyber Resilience
One of the most alarming findings of the report was the lack of support from executive teams for cybersecurity initiatives. IT teams ranked this as the biggest threat to cyber resilience, with many struggling to prioritize security flaws due to operational issues that leave no time for cybersecurity.
The report revealed that 30% of organizations take more than a month to detect known vulnerabilities, while 38% fail to prioritize security flaws altogether. Even more concerning, 40% take more than a month to remediate known vulnerabilities, with 24% taking more than three months to patch these issues.
Communication Gaps and Automation Needed for Effective Vulnerability Management
According to Alex Vovk, CEO and co-founder of Action1, the gaps in the detection and prioritization stages of vulnerability management suggest that the actual proportion of unpatched endpoints could be much higher. He emphasized the need for effective communication between all levels of an organization to eliminate these gaps and build cyber resilience. Additionally, Vovk stressed the importance of implementing automation to streamline vulnerability management and ensure continuous patch compliance.
Action1 Corporation, founded by cybersecurity veterans Alex Vovk and Mike Walters, provides a risk-based patch management platform for distributed networks. The platform helps to discover, prioritize, and remediate vulnerabilities in a single solution, automating the patching of third-party software and operating systems to prevent security breaches and ransomware attacks.
Get the complete report here: https://www.action1.com/2023-state-of-vulnerability-remediation-report/
