Unpatched Vulnerabilities: Why Most Businesses Can Be Easily Hacked

Over 70% of businesses will leave holes in their defenses for over a month, will you do the same?

According to recent research, most businesses will not patch critical security breaches, even after 3 full months. When these openings are left undefended, all of a business’s personal information, financial records, and data can be stolen. This can create serious threats to any business, especially when a patch is already available to solve the problem.

Unpatched vulnerabilities are one of the easiest problems in cyber security to solve, yet most businesses will leave these problems unattended. Without patching the openings, cyber crimes can happen unabated, leaving businesses to fix vulnerabilities that have already been exploited.

Thanks to a recent report, we know a lot more about how businesses address security flaws, but the average response plan paints a grim picture:

  • One week after discovery, organizations close out about 15 percent of vulnerabilities. In the first month, that closure reaches just under 30 percent. By the three-month mark, organizations close less than half of all flaws. It takes 16 months (472 days) to close 75 percent of vulnerabilities with available patches.
  • It took organizations an average of 604 days to close 75 percent of low severity flaws.
  • 1 in 4 high and very high severity flaws are not addressed within 290 days of discovery.
  • Flaws persist 3.5x longer in applications only scanned 1 to 3 times per year compared to ones tested 7 to 12 times per year.
  • Infrastructure, manufacturing, and financial industries have the hardest time fully addressing found flaws.
  • The majority of applications suffered from information leakage (67 percent), cryptographic problems (64 percent), poor code quality (63 percent), and CRLF (carriage return line feed or HTTP response splitting) injection (60 percent). SQL injection flaws are still present in 28 percent of applications. Cross site scripting (XSS) vulnerabilities are found in 49 percent of applications.
  • Mitigation/remediation: 52 percent of flaws are fixed, while 44 percent are unresolved and 4 percent are mitigated.
  • Companies in the Asia Pacific region patch 25 percent of bugs within an average of eight days, followed by the Americas in 22 days, and 28 days for organizations in Europe and the Middle East.
  • This year’s close rates improved by 12 percent as customers closed almost 70 percent of vulnerabilities they found.

Keeping your systems up to date and patched is one of the many areas Corsica Technologies can help keep your business safe. Don’t let your business be one of the casualties of this report, keep your systems updated and secure with Corsica Technologies. We take on our clients’ most complex IT business challenges, evaluating overall business goals to apply innovative IT solutions and increase business profitability.

CALL US: (877) 486-8056 EMAIL US

Corsica Technologies
Corsica provides personalized service and a virtual CIO (vCIO) who serves as a strategic advisor. When it comes to the complex integration of solutions for IT and cybersecurity, the whole is greater than the sum of its parts. We offer cybersecurity solutions, managed services, digital transformation, resale services, and one-off technology projects. Corsica unifies any combination of these services into a complete, seamless solution.

Related Reads

MDM vs. MAM: Which one is right for you? - Corsica Technologies

MDM vs. MAM: Which One Is Right For You?

How should you handle mobile devices that have access to company data and systems? This is a crucial question for today’s on-the-go, hybrid workforce. Maybe you give your team company-owned mobile devices. Or perhaps your employees find it more convenient

Read more
Managed Network Services - Everything You Need to Know - Corsica Technologies

Managed Network Services: Everything You Need To Know

For overworked IT teams, managed network services are a lifesaver. Rather than monitoring network logs, troubleshooting switches, and working overtime to mitigate vulnerabilities, you can engage a trusted partner to manage your network for you. But not all providers are

Read more

Sign Up For Our Newsletter

Stay up-to-date on the Managed Services and Cybersecurity landscape, and be the first to find out about events and special offers.