Security professionals admit their organisations are at a disadvantage because they use manual processes to patch vulnerable systems.
The ServiceNow-sponsored research from the Ponemon Institute, Today’s state of vulnerability response: patch work demands attention, reported that 57% of security professionals acknowledge their organisation is at a disadvantage because of its reliance on manual processes to respond to vulnerabilities.
The Ponemon Institute’s survey found 56% of security professionals agreed that they spend more time navigating manual processes than responding to vulnerabilities, which leads to an insurmountable response backlog, while 53% said attackers are outpacing enterprises with technology such as machine learning or artificial intelligence.
The research, based on surveying 3,000 security professionals across nine countries, reported that organisations spend 321 hours a week on average – the equivalent of about eight full-time employees – managing the vulnerability response process.
Annually, organisations are spending 18,000 hours at a cost of $1.1m on patching activities.
However, the study found organisations are struggling to keep up with patching, with 57% of security professionals admitting the average time to patch before an exploit is in the wild has decreased by 30% in the past two years.
The Ponemon Institute reported that security professionals believe delays in vulnerability patching are primarily caused by not having a common view of applications and assets across security and IT teams (80%). On average, 11 days are lost coordinating with the responsible team before a patch is applied. Other obstacles are not having enough resources to keep up with the volume of patches (75%) and human error (67%).
On average, the respondents surveyed plan to hire about four people dedicated to vulnerability response – an increase of 50% over today’s staffing levels, according to the Ponemon Institute.
“Adding more talent alone won’t address the core issue plaguing today’s security teams,” said Jason Sutton, vice-president for UK and Ireland at ServiceNow. “Automating routine processes and prioritising vulnerabilities will help organisations avoid the ‘patching paradox’, instead focusing their people on critical work to dramatically reduce the likelihood of a breach.”