82 per cent of firms say their vulnerability remediation process is ‘broken’
5 November 2015
Businesses are struggling to remediate security vulnerabilities in time, with many lacking adequate processes and sufficient information about the cyber security risks their organisations face, a new whitepaper has found.
Firms are failing to safeguard themselves, with 82 per cent saying that their existing process for handling security vulnerabilities is “broken”, according to a new report from risk management solutions provider NopSec.
A further 37 per cent of organisations said that their remediation procedures needed “major improvement”, despite the fact that nearly 70 per cent scanned their IT environment on a daily basis.
IT departments frequently struggled to cope with the threats they found, with 78 per cent citing a lack of the resources required to fix problems discovered within their systems.
Some respondents said that too much time was spent on the intensive process of assessing vulnerabilities, leaving too little time for remediation.
Other reasons given by respondents for the lack of attention paid to remediation were a lack of budget, a deficient understanding of the threats posed, and the virtual absence of accountability, defined roles and responsibilities.
Another significant challenge many IT departments faced was invalid data, with high numbers of false positives. More than half of all respondents said that “data overload” was the most significant challenge to effective vulnerability prioritisation.
Three quarters said that vulnerability remediation suffered when placed directly in competition with other operational demands, as many company leaders will choose making a profit over necessary system reboots.
60 per cent of respondents thought that executives did not pay enough attention to vulnerability remediation, saying that their firms’ leaders were only “somewhat” to “not at all” informed about the risks faced.
Arnold Felberbaum, a strategic advisor to NopSec and contributor to the whitepaper’s survey, said: “Properly prioritising vulnerabilities and working across teams to rapidly remediate the top threats is the only way we can close the gap and keep up with the onslaught of cyber attacks.
“Organisations are finally realising that the compliance checklist mentality is not enough when it comes to vulnerability management, and that it is essentially worthless when it comes to actual remediation.”