Data breaches and cyber-attacks are often caused by failing to patch known (and fixable) vulnerabilities
Data breaches were rarely out of the news last year, with the likes of VTech, OPM, Experian/T-Mobile, Ashley Madison and even Hello Kitty all admitting to data leaks.
While you might expect attackers to be using sophisticated methods to get at user data, a new survey from software solutions firm BMC and Forbes Insights reveals that in many cases, it’s known but unpatched vulnerabilities that are being exploited.
According to the findings, 44 percent of security breaches occur after vulnerabilities and solutions have been identified. In other words, the problems could have been avoided if found vulnerabilities had been addressed sooner.
Apparently the reason for the tardiness is executives find it "challenging to prioritize which systems to fix first, since the security and operations teams may have different priorities".
60 percent of executives surveyed said the two teams have only a general or a little understanding of each other’s requirements.
"Today, it often takes companies months to remediate known vulnerabilities -- exposing them to potential breaches for six months or more as they work to resolve known threats", said Bill Berutti, president of the cloud, data center and performance businesses at BMC. "To discover, prioritize and fix vulnerabilities quickly calls for improved coordination between the security and IT operations teams. Narrowing the SecOps gap is critical to protecting an organization's brand and also ensures customer confidence in the ability for the business to protect its information".