Patch management is a major issue for enterprises
We already know that outdated systems are a major problem for enterprises as they increase the risk of data breaches.
But a new study by enterprise security specialist Bromium reveals that the act of patching is a big problem for many companies too.
The study of over 500 CISOs in companies with more than 1,000 employees shows that over half (53 percent) of CISOs say crisis patch management is a major disruption to their IT and security teams. Enterprises have to issue an emergency patch an average of five times a month, with each crisis patch taking an average of 13 man-hours to fix.
In addition, 53 percent of businesses say they have had to pay overtime, or bring in a third-party issues response team, to issue patches or fire-fight a security issue in the past year, at a cost of $19,908 per patch.
The problem is made worse by many enterprises still relying on legacy systems. Windows 7 was reportedly the system that was worst hit by WannaCry and, according to NetMarketShare, it is also the most popular version of Microsoft’s operating system, accounting for almost 50 percent of Windows computers.
"We can see with the recent WannaCry outbreak -- where an emergency patch was issued to stop the spread of the worm -- that enterprises are still having to paper over the cracks in order to secure their systems," says Simon Crosby, Bromium CTO and co-founder. "The fact that these patches have to be issued right away can be hugely disruptive to security teams, and often very costly to businesses, but not doing so can have dire consequences. WannaCry certainly isn't an isolated case and as ransomware and polymorphic malware become increasingly sophisticated and difficult to defend against, we are going to see many more emergency patches become a crisis -- although, sadly, they will often be too late."
You can find out more about the latest threat landscape on the Bromium blog.