TRENDING
surveyed plan to hire about 3.8 people
dedicated to vulnerability response –
an increase of 48% over today’s
staffing levels
Hiring won’t solve the problem:
teams struggle with broken processes
Adding cybersecurity talent may not be
possible. According to ISACA, a global non-
profit IT advocacy group, the global shortage
of cybersecurity professionals will reach
two million by 2019. The study found that
hiring won’t solve the vulnerability response
challenges facing EMEA organisations, with
“
ADDING MORE
TALENT ALONE
WON’T ADDRESS
THE CORE ISSUE
PLAGUING
TODAY’S
SECURITY TEAMS.
•
•
•
•
years, compared to 48% globally
A majority of EMEA breach victims (54%)
said that they were breached because
of a vulnerability, for which a patch was
already available
32% of EMEA security professionals were
actually aware that they were vulnerable
before they were breached
EMEA organisations that avoided
breaches rated themselves 29% higher
on the ability to patch quickly (compared
to 41% globally) than organisations that
had been breached
40% of breach victims said they don’t
scan for vulnerabilities
“If you’re at sea taking on water, extra hands
are helpful to bail,” van der Wilt said. “The
study shows most organisations are looking
for bailers and buckets instead of identifying
the size and severity of the leak.”
Broken processes can be overcome
Here are five key recommendations that
provide organisations with a pragmatic
roadmap to improve security posture:
the results of the respondents based in
EMEA revealing that:
• 53% say that they spend more time
navigating manual processes than
responding to vulnerabilities
• EMEA security teams lost an average
of 11.5 days manually co-ordinating
patching activities across teams
• 65% say they find it difficult to prioritise
what needs to be patched first
• 62% say that manual processes put
them at a disadvantage when patching
vulnerabilities
• 56% say that hackers are outpacing
organisations with technologies such as
machine learning and artificial intelligence
• Cyberattack volume increased by 16%
last year and severity increased by 22%
28
INTELLIGENTCIO
“Most data breaches occur because of a
failure to patch, yet many organisations
struggle with the basic hygiene of patching,”
van der Wilt said. “Attackers are armed
with the most innovative technologies, and
security teams will remain at a disadvantage
if they don’t change their approach.”
Quickly detecting and patching
vulnerabilities significantly reduces
breach risk
Organisations that were breached struggle
with vulnerability response processes
compared with those organisations that
weren’t breached:
• 48% of EMEA organisations have
experienced a data breach in the last two
• Take an unbiased inventory of
vulnerability response capabilities
• Accelerate time-to-benefit by tackling
low-hanging fruit first
• Regain time lost co-ordinating by
breaking down data barriers between
security and IT
• Define and optimise end-to-end
vulnerability response processes, and then
automate as much as you can
• Retain talent by focusing on culture
and environment. n
“
SECURITY TEAMS
WILL REMAIN AT
A DISADVANTAGE
IF THEY DON’T
CHANGE THEIR
APPROACH.
www.intelligentcio.com