infographic
ServiceNow, a leading digital
workflow company making work,
work better for people, has released
its second sponsored study on
cybersecurity vulnerability and patch
management, conducted with the
Ponemon Institute.
The study, Costs and Consequences
of Gaps in Vulnerability Response,
found that despite a 24% average
increase in annual spending
on prevention, detection and
remediation in 2019 compared
with 2018, patching is delayed an
average of 12 days due to data silos
and poor organisational coordination.
Looking specifically at the most
critical vulnerabilities, the average
timeline to patch is 16 days.
At the same time, the risk is
increasing. According to the
findings, there was a 17% increase
in cyberattacks over the past year
and 60% of breaches were linked
to a vulnerability where a patch
was available, but not applied.
The study surveyed almost 3,000
security professionals to
understand how organisations
are responding to vulnerabilities.
In this report, ServiceNow
presents the consolidated
findings and comparisons to its
2018 study, Today’s State of
Vulnerability Response: Patch
Work Requires Attention.
The survey results reinforce a need
for organisations to prioritise more
effective and efficient security
vulnerability management:
• 34% increase in weekly costs
spent on patching compared
to 2018
• 30% more downtime vs
2018, due to delays in
patching vulnerabilities
• 69% of respondents plan to
hire an average of five staff
members dedicated to patching
in the next year, at an average
cost of US$650,000 annually for
each organisation
• 88% of respondents said
they must engage with other
departments across their
organisations, which results
in coordination issues that delay
patching by an average of 12 days
The findings also indicate a persistent
cybercriminal environment, underscoring
the need to act quickly:
• 17% increase in the volume of
cyberattacks in the last 12 months
compared to the same timeframe
in 2018
• Nearly 27% increase in cyberattack
severity compared to 2018
The report points to other factors
beyond staffing that contribute to delays
in vulnerability patching:
• 76% of respondents noted the lack of
a common view of applications and
assets across security and IT teams
• 74% of respondents said they cannot
take critical applications and systems
offline to patch them quickly
• 72% of respondents said it is
difficult to prioritise what needs to
be patched
According to the findings, automation
delivers a significant payoff in terms
of being able to respond quickly and
effectively to vulnerabilities. Four in
five (80%) respondents who employ
automation techniques say they respond
to vulnerabilities in a shorter timeframe
through automation.
“Companies saw a 30% increase
in downtime due to patching of
vulnerabilities, which hurts customers,
employees and brands. Many
organisations have the motivation to
address this challenge but struggle
to effectively leverage their resources
for more impactful vulnerability
management. Teams that invest in
automation and maturing their IT
and security team interactions will
strengthen the security posture
across their organisations,” said Sean
Convery, General Manager, ServiceNow
Security and Risk.
Issue 22 | www.intelligentciso.com