Users take two months to patch internal IT


Arif Mohamed
Companies are taking an average of two months to patch internal systems, according to research presented to the Black Hat Briefings security conference.

The Laws of Vulnerabilities assessment from IT security group Qualys found it takes firms on average 62 days to patch internal systems, and 21 days to patch internet-connected systems.

The study also found that 50% of the most prevalent and critical vulnerabilities are replaced by new vulnerabilities on an annual basis, and the lifespan of some worms is unlimited.

"In most cases, worms are circulating faster than systems being patched inside the network. Organisations have to be more aggressive about protecting their internal systems," said Gerhard Eschelbeck, CTO at Qualys.

The research looked at trends relating to four million critical vulnerabilities collected over two and a half years.

Phil Cracknell, security consultant at NetSecurity, said, "There has to be some delay in a patch being released and tested, but I expected it to be lower than 21 days. Companies have to get it down - five days is acceptable. They have to lose the hard-shell, squishy-centre mentality."
