TRENDING
Manager and Vice President Sales EMEA,
ServiceNow. “Automating routine processes
and prioritising vulnerabilities will help
organisations avoid the ‘patching paradox,’
instead focusing their people on critical
work to dramatically reduce the likelihood
of a breach.”
Firms plan to invest in additional
staff for vulnerability response
Cybersecurity teams already dedicate a
significant proportion of their resources
to patching.
• EMEA organisations spend 319
hours a week on average – the
equivalent of about eight full-time
employees – managing the vulnerability
response process
• 63% of EMEA respondents say they
plan to hire more dedicated resources for
patching over the next 12 months
• On average, the EMEA respondents
surveyed plan to hire about 3.8 people
dedicated to vulnerability response,
an increase of 48% over today’s
staffing levels
Hiring won’t solve the problem:
teams struggle with broken processes
According to ISACA, a global non-profit
IT advocacy group, the global shortage
of cybersecurity professionals will reach
two million by 2019. The study found that
hiring won’t solve the vulnerability response
challenges facing EMEA organisations, with
the results of the respondents based in
EMEA revealing that:
“
MOST DATA
BREACHES OCCUR
BECAUSE OF
A FAILURE TO
PATCH, YET MANY
ORGANISATIONS
STRUGGLE
WITH THE BASIC
HYGIENE OF
PATCHING.
• 53% say that they spend more time
navigating manual processes than
responding to vulnerabilities
• EMEA security teams lost an average
of 11.5 days manually coordinating
patching activities across teams
• 65% say they find it difficult to prioritise
what needs to be patched first
• 62% say that manual processes
put them at a disadvantage when
patching vulnerabilities
• 56% say that hackers are outpacing
organisations with technologies
such as machine learning and
artificial intelligence
• Cyberattack volume increased by 16%
last year and severity increased by 22%
“Most data breaches occur because of a
failure to patch, yet many organisations
struggle with the basic hygiene of patching,”
van der Wilt said.
“Attackers are armed with the most
innovative technologies and security teams
will remain at a disadvantage if they don’t
change their approach.”
Quickly detecting and patching
vulnerabilities significantly reduces
breach risk
Philip van der Wilt, General Manager and
Vice President Sales EMEA, ServiceNow
22
INTELLIGENTCIO
Organisations that were breached struggle
with vulnerability response processes
compared with those organisations that
weren’t breached:
• 48% of EMEA organisations have
experienced a data breach in the last two
years, compared to 48% globally
• A majority of EMEA breach victims (54%)
said that they were breached because
of a vulnerability, for which a patch was
already available
• A total of 32% of EMEA security
professionals were aware that they were
vulnerable before they were breached
• EMEA organisations that avoided
breaches rated themselves 29% higher
on the ability to patch quickly (compared
to 41% globally) than organisations that
had been breached
• 40% of breach victims said they don’t
scan for vulnerabilities
“If you’re at sea taking on water, extra hands
are helpful to bail,” van der Wilt said. “The
study shows most organisations are looking
for bailers and buckets instead of identifying
the size and severity of the leak.”
Broken processes can be overcome
Here are five key recommendations that
provide organisations with a pragmatic
roadmap to improve security posture:
• Take an unbiased inventory of
vulnerability response capabilities
• Accelerate time-to-benefit by tackling
low-hanging fruit first
• Regain time lost coordinating by breaking
down data barriers between security and IT
• Define and optimise end-to-end
vulnerability response processes and then
automate as much as you can
• Retain talent by focusing on culture
and environment n
“
ADDING MORE
TALENT ALONE
WON’T ADDRESS
THE CORE ISSUE
PLAGUING
TODAY’S
SECURITY TEAMS.
www.intelligentcio.com