Majority of IT security professionals find patches too complex

According to a new report from Ivanti, an overwhelming majority – 71% – of IT and security professionals find patching to be too complex, tedious and time-consuming.

In fact, 57% of respondents said working remotely has increased the complexity and scale of patch management.

The current speed of business has changed user expectations, with new impacts on IT. And the rapid shift to remote working accelerated digital transformation by seven years. In the Everywhere Workplace, employees connect from various devices to access corporate networks, data, and services as they work and collaborate from new and different locations. Patching has never been so difficult.

In fact, unpatched vulnerabilities remain one of the most common entry points for ransomware attacks, which are increasing in frequency and impact for businesses of all sizes.

According to Ivanti, the WannaCry ransomware attack, which encrypted approximately 200,000 computers in 150 countries, remains a prime example of the severe repercussions that can occur when patches are not applied quickly. A patch for the vulnerability exploited by the ransomware had existed for several months before the initial attack, but many organizations did not implement it.

Even now, four years later, two-thirds of companies still haven’t patched their systems. And organizations around the world are still targeted by WannaCry ransomware attacks; there was a 53% increase in the number of organizations affected by WannaCry ransomware from January to March 2021.

Patching to reduce exposure to vulnerabilities and ransomware runs into resource challenges and business reliability concerns. The survey found that 62% of respondents said patching often takes a back seat to their other tasks and 60% said patching disrupts user workflow.

Additionally, 61% of IT and security professionals said line of business owners request exceptions or push back maintenance windows once a quarter because their systems cannot be shut down.

At the same time, the speed of vulnerability weaponization continues to increase. It’s the perfect storm of poor visibility due to the recently decentralized workforce and the growth of sophisticated threat actors targeting critical vulnerabilities.

As threat actors mature their tactics and weaponize vulnerabilities, especially those with remote code execution, organizations are grappling with attack surface risk and ways to expedite patching and remediation. IT and security teams simply cannot react quickly enough; 53% said organizing and prioritizing critical vulnerabilities takes up most of their time, followed by issuing resolutions for failed patches (19%), testing patches (15%), and coordinating with other services (10%). The myriad challenges that IT and security teams face when it comes to patching may explain why 49% of respondents believe their company’s current patch management protocols are failing to effectively mitigate risk.

“These results come at a time when IT and security teams are facing the challenges of the Everywhere Workplace, in which workforces are more distributed than ever and ransomware attacks are intensifying and impacting economies, businesses and governments,” said Srinivas Mukkamala, senior vice president of security products at Ivanti.

“Most organizations don’t have the bandwidth or resources to map active threats such as ransomware with the vulnerabilities they exploit,” he says.

“The good news is that the combination of risk-based vulnerability prioritization and automated patch intelligence can bring to light vulnerabilities that are being actively exploited and have links to ransomware.

“With unique patch reliability, IT and security teams can seamlessly deploy patches and address common issues that put organizations at risk.”

Top industry leaders, practitioners, and analyst firms recommend a risk-based approach to identify and prioritize vulnerabilities, then accelerate remediation. The White House recently released a note encouraging organizations to use a risk-based assessment strategy to drive patch management and strengthen cybersecurity against ransomware attacks. Additionally, Gartner has ranked risk-based vulnerability management as one of the top security projects that security and risk management professionals should focus on in 2021 to drive business value and reduce risk.
