Employees know vulnerabilities exist, but they can’t resolve them quickly enough

There is a sharp remediation gap between when organizations first detect vulnerabilities and when those issues are ultimately resolved, Adaptiva survey reveals.

The survey also found that companies overwhelmingly do not have the staff to handle today’s security demands, and leveraging current vulnerability management tools is one of their greatest cybersecurity challenges.

Additionally, just 29% of companies will complete the migration to Windows 10 by Jan. 14, 2020, the end of support deadline for Windows 7, placing an enormous number of systems at risk.

“Security threats are coming at organizations from all sides, and companies don’t have the manpower to combat them effectively despite their best efforts,” said Jeff Harrell, vice president of marketing at Adaptiva.

“Employees know vulnerabilities exist, but they can’t resolve them quickly enough. Something must be done to close this dangerous remediation gap. The time between detection and resolution of vulnerabilities leaves companies at profound risk.”

Enterprises admit they can’t fix known security issues fast enough

The gap between when a vulnerability is found and when it is fixed exposes organizations to severe threats, as cyberattackers need only a few minutes of access to bring down an entire organization. Organizations are challenged in their efforts to protect and maintain endpoints.

  • The survey reveals that as the number of vulnerabilities discovered each day continues to rise, nearly half (47%) of respondents cite scanning endpoints for vulnerabilities as their most challenging security best practice. IT professionals also indicate that the current landscape of VM scanning solutions doesn’t solve their problems. Concurrently, patching applications and the Windows OS rank as the second biggest challenges, tied at 44% each.
  • Responses also show that once a vulnerability is detected, it takes more than half (52%) of the organizations surveyed up to a week to remediate it. Another 22% require a month or more to fix it, while just 26% are able to remediate vulnerabilities the day they are found.
  • Nevertheless, 91% of respondents report that maintaining current, compliant security configuration is very or extremely important.

Vast majority of businesses will fail to complete Windows 10 migration before 2020

This year’s survey also shows that although Windows 10 deployments achieved critical mass last year, a significant number of organizations will fail to meet the Windows 7 end of support deadline. Without the security enhancements provided by Windows 10, systems are at greater risk.

  • On Jan. 14, 2020, as support for Windows 7 ends, only 29% of companies will have completed migration to Windows 10, potentially exposing millions of endpoints to security vulnerabilities.
  • Progress is being made, however, as 87% of organizations expect to have more than half of their systems migrated by then.

Staffing levels remain a problem

These problems are compounded as most companies feel a resource crunch. Respondents indicate that they struggle to maintain desired levels of security.

  • Only 17% of companies believe they are well-staffed and able to do security right.
  • Nearly two-thirds (73%) report being stretched thin, even as they mostly keep up.
  • The remaining 10% cannot meet high-priority needs and/or report an inability to perform essential security operations.

Automation may offset the workload

Although automated vulnerability scans have posed challenges in terms of the volume of issues they uncover, new options are emerging that leave respondents hopeful for the future. Many reflect the belief that automation can solve a large percentage of their help desk tickets, dramatically reducing workloads.

  • Thirty-six percent of respondents indicate that over half of their help desk tickets can be automated.
  • Another 33% think they could automate more than one quarter.
  • Some of the best candidates for automation include break/fix software tickets (other than malware exploit impact), which represent 28% of tickets, and application installations or upgrades, which account for 14% of tickets.
