Security professionals admit patching is getting harder

Vulnerable systems need patching to avoid being attacked by security exploits, yet many businesses find it hard to apply patches quickly enough.

Security professionals admit their organisations are at a disadvantage because they use manual processes to patch vulnerable systems.

The ServiceNow-sponsored research from the Ponemon Institute, "Today’s state of vulnerability response: patch work demands attention", reported that 57% of security professionals acknowledge their organisation is at a disadvantage because of its reliance on manual processes to respond to vulnerabilities.

The Ponemon Institute’s survey found 56% of security professionals agreed that they spend more time navigating manual processes than responding to vulnerabilities, which leads to an insurmountable response backlog, while 53% said attackers are outpacing enterprises with technology such as machine learning or artificial intelligence.

The research, based on surveying 3,000 security professionals across nine countries, reported that organisations spend 321 hours a week on average – the equivalent of about eight full-time employees – managing the vulnerability response process.

Annually, organisations are spending 18,000 hours at a cost of $1.1m on patching activities.

However, the study found organisations are struggling to keep up with patching, with 57% of security professionals admitting the average time to patch before an exploit is in the wild has decreased by 30% in the past two years.

The Ponemon Institute reported that security professionals believe delays in vulnerability patching are primarily caused by not having a common view of applications and assets across security and IT teams (80%). On average, 11 days are lost coordinating with the responsible team before a patch is applied. Other obstacles are not having enough resources to keep up with the volume of patches (75%) and human error (67%).

On average, the respondents surveyed plan to hire about four people dedicated to vulnerability response – an increase of 50% over today’s staffing levels, according to the Ponemon Institute.

“Adding more talent alone won’t address the core issue plaguing today’s security teams,” said Jason Sutton, vice-president for UK and Ireland at ServiceNow. “Automating routine processes and prioritising vulnerabilities will help organisations avoid the ‘patching paradox’, instead focusing their people on critical work to dramatically reduce the likelihood of a breach.”
