Enterprises that procrastinate about implementing software patch management give cybercriminals more time to weaponize new endpoint attack strategies.
A clear majority (71%) of IT and security professionals see patching as overly complex, cumbersome, and time-consuming. In addition, 57% of those same professionals say remote work and decentralized workspaces make a difficult task even more challenging. Sixty-two percent admit that patch management takes a backseat to other tasks; device inventory and manually based approaches to patch management aren't keeping up.
IT integrator Ivanti's report on patch management challenges, published on October 7, provides new insights into the growing number of vulnerabilities enterprises face by dragging their feet on improving patch management. Most troubling is how cybercriminals try to capitalize on these patch management weaknesses at the endpoint level by weaponizing vulnerabilities, especially those with remote code execution and quick-hit ransomware attacks.
Ivanti surveyed more than 500 enterprise IT and security professionals across North America, Europe, the Middle East, and Africa. The results are startling in why and how often patches get pushed back, leaving enterprises more vulnerable to breaches.
The high cost of slow patch management
The survey found that 14% of the enterprises interviewed (70 of 500) have experienced a financial hit worth between $100,000 and more than $1 million to their businesses in the last year that could have been prevented with better patch management. The Institute for Security and Technology found that victims forced to pay a ransom increased more than 300% from 2019 to 2020. According to its Internet Crime Report, the FBI found that the collective cost of the ransomware attacks reported to the bureau in 2020 amounted to about $29.1 million, up more than 200% from $8.9 million the year before. The White House recently released a memo encouraging organizations to use a risk-based assessment strategy to drive patch management and bolster cybersecurity against ransomware attacks.
Not getting patching right can have disastrous consequences, as the WannaCry ransomware attack demonstrated. This was a worldwide cyberattack surfacing in May 2017 that targeted computers running Microsoft Windows by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
With more than 200,000 devices encrypted in 150 countries, WannaCry provides a stark reminder of why patch management needs to be a high priority. A patch for the vulnerability exploited by the ransomware had existed for several months before the initial attack, yet many organizations didn't implement it. As a result, enterprises still fall victim to WannaCry ransomware attacks today. There was a 53% increase in the number of organizations affected by WannaCry ransomware from January to March 2021.
Often, the line-of-business owners across an enterprise pressure IT and security teams to put off urgent patches because their systems can't be brought down without an impact on revenue. Sixty-one percent of IT and security professionals say that business owners ask for exceptions or push back maintenance windows once a quarter because their systems can't be brought down. In addition, 60% said that patching causes workflow disruption to users. While enterprises slow the pace of patch deployments, cybercriminals accelerate vulnerability weaponization efforts.
Enterprises struggle to control new cyberattacks
Many IT and security teams are now stretched thin and struggle to control the many new attack surface risks their enterprises face. Ivanti's survey shows that IT and security teams aren't able to respond quickly enough to avert breaches. For example, 53% said that organizing and prioritizing critical vulnerabilities takes up most of their time, followed by issuing resolutions for failed patches (19%), testing patches (15%), and coordinating with other departments (10%).
The myriad challenges that IT and security teams face when it comes to patching may be why 49% of IT and security professionals believe their company's current patch management protocols fail to mitigate risk effectively.
Like enterprises, cybercriminals recruit new talent to help devise new approaches to weaponizing vulnerability techniques they see working. That's why enterprises must define a patch management strategy that scales beyond device inventory and manually based approaches that take too much time to get right. With ransomware having a record year, enterprises need to find new ways to automate patch management at scale now.