Over 70% of businesses will leave holes in their defenses for over a month. Will you do the same?
According to recent research, most businesses will not have patched critical security vulnerabilities even after 3 full months. When these openings are left undefended, all of a business’s personal information, financial records, and data can be stolen. This creates a serious threat to any business, especially when a patch is already available to solve the problem.
Unpatched vulnerabilities are one of the easiest problems in cyber security to solve, yet most businesses will leave these problems unattended. Without patching the openings, cyber crimes can happen unabated, leaving businesses to fix vulnerabilities that have already been exploited.
Thanks to a recent report, we know a lot more about how businesses address security flaws, but the average response plan paints a grim picture:
- One week after discovery, organizations close out about 15 percent of vulnerabilities. In the first month, that closure reaches just under 30 percent. By the three-month mark, organizations close less than half of all flaws. It takes 16 months (472 days) to close 75 percent of vulnerabilities with available patches.
- It took organizations an average of 604 days to close 75 percent of low severity flaws.
- 1 in 4 high and very high severity flaws are not addressed within 290 days of discovery.
- Flaws persist 3.5x longer in applications only scanned 1 to 3 times per year compared to ones tested 7 to 12 times per year.
- Infrastructure, manufacturing, and financial industries have the hardest time fully addressing found flaws.
- The majority of applications suffered from information leakage (67 percent), cryptographic problems (64 percent), poor code quality (63 percent), and CRLF (carriage return line feed, or HTTP response splitting) injection (60 percent). SQL injection flaws are still present in 28 percent of applications. Cross-site scripting (XSS) vulnerabilities are found in 49 percent of applications.
- Mitigation/remediation: 52 percent of flaws are fixed, while 44 percent are unresolved and 4 percent are mitigated.
- Companies in the Asia Pacific region patch 25 percent of bugs within an average of eight days, followed by the Americas at 22 days and organizations in Europe and the Middle East at 28 days.
- This year’s close rates improved by 12 percent as customers closed almost 70 percent of vulnerabilities they found.
Keeping your systems up to date and patched is one of the many areas where Corsica Technologies can help keep your business safe. Don’t let your business be one of the casualties of this report. Keep your systems updated and secure with Corsica Technologies. We take on our clients’ most complex IT business challenges, evaluating overall business goals to apply innovative IT solutions and increase business profitability.