Two in Three Orgs Not Convinced They Can Avoid a Breach
A majority of organizations confessed that they are not certain whether the security strategies they have in place will be effective in preventing data breaches, according to a Ponemon Institute survey.
More than 600 cybersecurity leaders and professionals who are responsible for evaluating, selecting and/or implementing security solutions took part in the survey. Based on the survey results, Balbix published a new report, The Challenging State of Vulnerability Management Today, which found that only one in three organizations are confident they can avoid data breaches.
Vulnerability management, particularly those vulnerabilities in unseen or unpatched systems is an issue for many organizations, with 69% of respondents identifying delayed patching as an issue and 63% admitting that they are not able to respond to alerts.
“We are not surprised by these findings from Ponemon Institute’s research,” said Gaurav Banga, founder and CEO of Balbix.
“While respondents’ confidence levels in their ability to avoid a breach is obviously troubling, it is clear that most understand the reasons why – alert volume, limited team resources, lack of visibility across assets and very limited contextual risk. On the positive side, respondents cite a clear list of capabilities that can help them better see and manage their vulnerabilities, which will eventually improve their overall security posture.”
With regard to mitigating vulnerabilities and patching, 68% of respondents said staffing is an obstacle that stands in the way of their organizations having a strong cybersecurity posture, while only 15% reported that patching is highly effective. The results are indicative of a lack of resources, leaving security teams unable to identify and patch vulnerabilities, as 67% of participants said they lack the time and resources needed for vulnerability management.
In addition, 63% say “inability to act on the large number of resulting alerts and actions” is problematic. Nearly half (49%) of organizations said they do complete, up-to-date patching, yet 49% also said that they scan only quarterly or on an "ad hoc" basis. Another 69% admitted to scanning only once a month or less frequently.
“From this research, it is clear that most enterprises recognize not only are they under-resourced in finding and managing their vulnerabilities, but they also have gaps around assessing the risk and getting full visibility across their IT assets,” said Larry Ponemon, founder and chairman of Ponemon Institute, “which no doubt led to that low confidence vote in their ability to avoid a data breach.”
Source: Information Security Magazine