Ponemon Institute just released its Challenging State of Vulnerability Management 2019 report. What can the results of this 600+ cybersecurity leaders and professionals survey teach us about the state of vulnerability management today?
In a press release today, Balbix says:
Balbix Inc., provider of the security industry’s first system built for avoiding breaches, today released a report based on Ponemon Institute research evaluating the state of vulnerability and risk management in enterprise environments. Ponemon surveyed 600+ cybersecurity leaders and professionals involved in the evaluation, selection and/or implementation of IT security solutions. The results reveal that the vast majority of organizations are not confident in their ability to avoid major data breaches like Equifax or Marriott, and are specifically struggling with vulnerability management to avoid breaches through unseen or unpatched systems.
“From this research, it is clear that most enterprises recognize not only are they under-resourced in finding and managing their vulnerabilities, but they also have gaps around assessing the risk and getting full visibility across their IT assets,” said Larry Ponemon, founder and chairman of Ponemon Institute, “which no doubt led to that low confidence vote in their ability to avoid a data breach.”
Highlights of this report include:
- 61% of these security practitioners say they don’t have adequate context on the business impact if a vulnerable asset got breached.
- 56% are concerned about their inability to predict where or which assets would be compromised.
- Only 39% say their leaders recognize the criticality of effective vulnerability management in avoiding data breaches.
While the expressed lack of confidence in their ability to avoid major data breaches is disquieting, this report offers some recommendations such as:
- Fully discover your attack surface – everything that touches your network, and every way it might get attacked.
- Understand your overall cyber-risk and the specific business risk of each asset if it were breached.
- Use risk-based analysis to prioritize which fixes SecOps and IT teams should work on, postpone and ignore.
- Make SecOps and IT more productive by automating the discovery of asset inventory and vulnerabilities, as well as the creation of prioritized fixes and resulting tickets.
Download your copy of the entire report here: Challenging State of Vulnerability Management Today
Steven Bowcut, CPP, PSP is the Editor-in-Chief for Brilliance Security Magazine