Half of security teams struggling to cope with volume of vulnerabilities
As the number of CVEs continues to rise, a new study finds 46 percent of respondents say that the volume of vulnerabilities has placed additional strain on their security teams’ resources impacting not only organizational security but also staff well being.
The report from Hackuity also shows that 26 percent, admit this pressure has contributed to a data breach, while 36 percent, report it resulted in a regulatory fine.
Over a third (36 percent) also say it has delayed incident response, and 33 percent report missed security alerts as a result. In terms of the human impact, 38 percent report that it has led to burnout within the team.
Svlvain Cortes, VP strategy at Hackuity, says, “We know that teams are feeling the pressure right now -- but what’s most concerning is the knock-on effect this is having on organizations and on the team’s -- well-being. From missed alerts to fines, there are real consequences at play when vulnerabilities aren’t managed in a way that’s making the best use of team’s time and expertise. The nonstop flood of alerts isn’t just stressful, it’s costly.”
While most organizations, 77 percent, report that they have formalized vulnerability remediation processes in place for identifying vulnerabilities, only 36 percent have a risk-based approach as the primary method, where vulnerabilities are based on asset criticality‚ exploitability and business impact.
It also seems that there is more work to do in moving vulnerability management higher up the agenda as 60 percent of respondents reported that it does not receive the same focus as other IT security projects.
“Security leaders need to look at how they’re equipping their teams to make sure they can keep pace with the rising volume and complexity of vulnerabilities,” adds Cortes. “Without context and intelligence around the alerts, they risk wasting valuable time and resources chasing down threats or missing alerts that could pose the greatest risk for their organization.”
You can find out more on the Hackuity site.
Image credit: Leowolfert/Dreamstime.com