Users take two months to patch internal IT

Arif Mohamed
Companies are taking an average of two months to patch internal systems, according to research presented to the Black Hat Briefings security conference.

The Laws of Vulnerabilities assessment from IT security group Qualys found it takes firms on average 62 days to patch internal systems, and 21 days to patch internet-connected systems.

The study also found that 50% of the most prevalent and critical vulnerabilities are replaced by new vulnerabilities on an annual basis, and the lifespan of some worms is unlimited.

"In most cases, worms are circulating faster than systems being patched inside the network. Organisations have to be more aggressive about protecting their internal systems," said Gerhard Eschelbeck, CTO at Qualys.

The research looked at trends relating to four million critical vulnerabilities collected over two and a half years.

Phil Cracknell, security consultant at NetSecurity, said, "There has to be some delay in a patch being released and tested, but I expected it to be lower than 21 days. Companies have to get it down - five days is acceptable. They have to lose the hard-shell, squishy-centre mentality."
