Enterprises struggle to patch endpoints against critical vulnerabilities
Less than half of organizations can patch vulnerable systems swiftly enough to protect against critical threats and zero-day attacks, and 81 percent have suffered at least one data breach in the last two years.
A new report from cyber hygiene platform Automox cites the pace of digital transformation and modern workforce evolution, difficulty in patching systems belonging to mobile employees and remote offices, inefficient patch testing, lack of visibility into endpoints, and insufficient staffing in SecOps and IT operations as inhibitors to patching.
When asked about the root causes of breaches, respondents placed phishing attacks (36 percent) at the top of the list, followed by missing operating systems patches (30 percent), missing application patches (28 percent) and operating system misconfigurations (27 percent).
With missing patches and configurations cited more frequently than such high-profile issues as insider threats (26 percent), credential theft (22 percent), and brute force attacks (17 percent), three of the four most common issues can be addressed simply with better cyber hygiene.
While experts recommend patching critical vulnerabilities within 72 hours of their disclosure, the study shows less than 50 percent of enterprises can meet the 72-hour standard and only about 20 percent can match the 24-hour threshold for zero-days.
"We are unquestionably in the midst of a major patching dilemma which is getting increasingly worse by the day as the number of enterprise endpoints -- and the typical enterprise attack surface -- is growing at unprecedented rates and making it nearly impossible for organizations to keep up," says Automox CEO Jay Prassl. "Our 2020 Cyber Hygiene Report shows a very strong correlation between automation and the ability to patch endpoints faster and proactively harden them more frequently than typical legacy systems allow. Organizations that prioritize cyber hygiene through these methods reduce risk across the enterprise, lower IT costs, and accelerate their business transformation."
You can read more and get the full report from the Automox blog.