
Four in Ten Organizations Suffered a Breach Due to Unpatched Vulnerabilities in the Past Two Years

Filip Truta

August 19, 2020


The most dangerous security flaws continue to expose valuable assets because teams spend their time chasing down vulnerabilities that pose minimal risk, according to 60% of IT security professionals. Four in ten admitted to suffering a breach because of unpatched flaws in their systems.

Vulnerability management remains a major problem at organizations big and small across the globe. A study conducted by the Ponemon Institute for IBM highlights several key vulnerability management challenges for on-premises and cloud environments in North America, Europe, the Middle East, Africa, the Asia-Pacific region and Latin America across a variety of industries.

While an excess of false positives is not a new problem, the degree to which they raise the risk of a cybersecurity compromise is significant, researchers explained.

As a result of chasing down false positives and vulnerabilities that pose minimal risks, 60% of respondents say the most dangerous vulnerabilities continue to expose their organizations to the risk of suffering a breach. More than half of respondents say their organization experienced a data breach in the past two years, and 42% say the breach occurred because of a known vulnerability that remained unpatched. Over a period of six months, organizations have on average a backlog of 57,555 identified vulnerabilities.

Researchers believe false positives will not go away due to how practitioners are incentivized.

“Removing false positives may clean up the vulnerability report, which makes practitioners ‘look good’ in front of their managers and auditors. However, it does not make your organization more secure,” the report states. “Weeding out false positives and minimal risk vulnerabilities is important. However, prioritizing the ones that attackers are exploiting and that affect high value assets is more impactful for reducing risk,” researchers said.
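The prioritization the report recommends can be made concrete as a small triage routine. The following is an added example written for this post, not code from the Ponemon/IBM report or from Bitdefender; the vulnerability identifiers, asset names and scores are constructed placeholders, and the scoring weights are an assumption chosen to illustrate the idea.

```python
"""Risk-based triage of a vulnerability backlog (added example).

Confirmed false positives are dropped, known-exploited flaws on high-value
assets rise to the top, and minimal-risk findings are deferred rather than
occupying the patch queue.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    vuln_id: str          # placeholder identifiers, not real CVEs
    asset: str
    cvss: float           # 0.0 .. 10.0 base severity from the scanner
    exploited_in_wild: bool
    asset_value: int      # 1 (low) .. 5 (crown jewels), set by the asset owner
    false_positive: bool  # confirmed by a human or a second scanner


def priority(f: Finding) -> float:
    """Higher is more urgent. Severity is weighted by asset value, and
    evidence of active exploitation doubles the result (assumed weights)."""
    score = f.cvss * f.asset_value          # 0 .. 50
    if f.exploited_in_wild:
        score *= 2                          # known-exploited flaws jump the queue
    return score


def triage(findings, minimal_risk_threshold=10.0):
    """Return (patch_queue, deferred); confirmed false positives are removed."""
    live = [f for f in findings if not f.false_positive]
    ranked = sorted(live, key=priority, reverse=True)
    queue = [f for f in ranked if priority(f) >= minimal_risk_threshold]
    deferred = [f for f in ranked if priority(f) < minimal_risk_threshold]
    return queue, deferred


# Constructed sample backlog
SAMPLE = [
    Finding("VULN-A", "crm-db-01", 9.8, False, 5, False),
    Finding("VULN-B", "kiosk-07", 9.8, False, 1, True),    # confirmed false positive
    Finding("VULN-C", "vpn-gw-01", 7.5, True, 5, False),   # exploited, crown-jewel asset
    Finding("VULN-D", "dev-laptop-12", 3.1, False, 1, False),
    Finding("VULN-E", "hr-portal", 6.5, True, 3, False),
]

if __name__ == "__main__":
    queue, deferred = triage(SAMPLE)
    for f in queue:
        print(f"{priority(f):6.1f}  {f.vuln_id:8} {f.asset}")
    print("deferred:", [f.vuln_id for f in deferred])
```

Note that VULN-C outranks VULN-A despite its lower CVSS score, because exploitation evidence and asset value, not raw severity, drive the order.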

Automated patch management is an instrumental component of an organization’s cybersecurity stack. To do their job well, IT staff need the means to zero in on misconfigurations, vulnerable applications, risky user behavior, and individual devices and users, and then to fix those misconfigurations or patch those vulnerabilities.

Unpatched systems leave organizations susceptible to data breaches. Keep your OS and applications up to date across the entire install base – workstations, physical servers and virtual servers – with GravityZone Patch Management.



Filip Truta

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.

