A quarter of organisations exposed to cyber-attacks due to unpatched vulnerabilities

A recently released survey by TripWire has shown that a staggering number of organisations across the world fail to do vulnerability scanning on a regular basis leaving them dangerously exposed to cyber threats.

34o information security professionals from across the world took part in the survey with over 34% of those based in Europe revealing that their organisations had suffered security breaches due to unpatched vulnerabilities.

The data also revealed that almost 40% of organisations don’t scan for vulnerabilities on a weekly basis as recommended by industry standards. 22% said they ran scans only on a quarterly basis.

image1

“Reducing your cyber-attack surface by patching is probably the single most effective thing you can do to protect your network. Recent warnings from the likes of the NSA on "BlueKeep" which effects older version of Microsoft Windows reinforces this message yet many organisations will not apply patches to their systems and software. This seems to be a systemic issue which security teams often fail to stay on top of.

The evidence is very real, take the EternalBlue vulnerability affecting SMB v1 which was announced on 14 March 2017.  Two months since a patch was released many had still failed to implement it and on 12 May WannaCry hit the world infecting more than 200,000 systems globally and costing an estimated £148 billion to recover. Prevention is better than remediation but many fall foul of leaving their systems unpatched for a multitude of reasons. Millions of pounds and reputational damage could be saved if a better way to identify and implement vulnerability patching was implemented across operating systems and software running on these systems alongside adhering to security controls,” said Sachin Bhatt, CISO & Head of Incident Management at XQ Cyber.

Get to grips with patching with CyberScore™

Cybercriminals and security professionals are in a constant arms race when it comes to vulnerabilities. The criminals are constantly seeking them out in order to exploit them whilst the security experts are trying to eliminate them altogether.

Unintended flaws that slip through the net are common in software, so failing to patch them can quickly leave exploitable holes in an organisation’s system.  As such, patch management is a vital part of any cybersecurity plan. With the bulk of attacks being the result of exploited common vulnerabilities, the implementation of effective patch management can eliminate most of the dangers they pose.

As many SMEs lack cyber expertise, patch management can be a challenge. However, CyberScore™ makes patch management quick and easy. CyberScore™ is an automated testing service that allows you to take control of your cybersecurity by detecting vulnerabilities and providing you with empirical evidence and Get-Well plans.

Simply schedule a scan (ideally every month) and voila it will detect any vulnerable software on your networks allowing you to quickly implement an effective patch management strategy.

CyberScore™ also allows you to:

  • Continuously understand your cybersecurity posture
  • Track your progress and watch your cyber health improve as mitigation measures are implemented
  • Track cyber risks across supply chains and third parties without the need for consultants or questionnaires
  • Set minimum standards, hold suppliers and service providers to account
  • Dispense with impenetrable reports. Instead, receive a clear and concise Get-Well Plan that can be shared with staff and service providers
  • Dramatically reduce the cost and improve the quality of compliance penetration testing

Automated Cyber Essentials Plus

Cyber Essentials is designed to help organisations guard against the most common cyber threats and one of the five technical controls of the scheme is patch management.

Having a Cyber Essentials certificate gives a business a competitive edge and reassures their customers that they take cybersecurity seriously. Being certified at the highest level of Cyber Essentials depends on having an independent assessment of your systems.

Until now, it has only been possible to achieve Cyber Essentials Plus certification by employing a specialist company to perform on-site testing. This can be both expensive and difficult to do at scale. However, through clever innovation, XQ have been able to transform this process. With the company’s award-winning CyberScore™ service, organisations of all sizes will be able to automate the process of certification, cutting both the expense and amount of time it takes to achieve.

For more information about CyberScore™ and how it can help your business visit – https://xqcyber.com/cyberscore

Follow us on FacebookTwitter and LinkedIn and sign up to our newsletter