A survey of 200 UK and 200 German organisations conducted by Vanson Bourne on behalf of Tenable Network Security has found that fewer than a third of UK organisations could patch significant vulnerabilities in an hour.
These include security risks such as ShellShock and Heartbleed, where exploits exist in the wild. Of the German organisations, 48% believed they would be able to apply patches to their systems to protect against hacking attacks.
When asked how quickly IT would be able to detect if a user had installed new software on the organisation’s systems, UK respondents admitted it would take 40 hours, while the Germans said they would be able to achieve the same result in 17 hours.
Gavin Millard, technical director at Tenable Network Security, said: “If you think back to when ShellShock was revealed in September 2014, within hours attackers had created botnets of compromised computers to launch attacks, with millions of attacks and probes related to the bug recorded in the days after.
“For the 22% of UK organisations in our study that said it would take between a day and a month to find and fix vulnerabilities, that’s a long time to have a chink in your defences.”
Only 11% of German organisations surveyed admitted to taking so long to patch vulnerabilities.
The survey also found 7% of UK organisations were unable to detect unauthorised devices connecting to the corporate network, compared with 1% of Germans. The German respondents were also ahead of the UK in terms of unauthorised access, taking an average of 10 hours to discover unauthorised devices, compared with 15 hours in the UK.
A recent Computer Weekly article noted that in some enterprises virtual machine sprawl has left security professionals with almost no way to react quickly - and that is a bigger problem than any single vulnerability.