It is no secret that many cyberattacks succeed because systems run software with vulnerabilities that haven’t been patched yet. So why, in 2021, do companies still seem to be slacking on applying much-needed patches?
Ivanti Inc just published a new report answering that question. The company surveyed information technology and security professionals, 71% of whom consider patching an overly complex, cumbersome, and time-consuming endeavour.
The pandemic shifted a large portion of employed people into remote work positions. 57% of respondents said that remote work made patch management more complex.
A remote workforce is a challenge
Dealing with scattered workers who are connecting on devices from all over the place is a challenge that IT and security teams have struggled with. Remote workers aren’t the only challenge on this front. Demands on time factor in too.
61% of IT and security pros said that business owners ask them to push back or make exceptions to maintenance windows and to patch only once a quarter, to avoid downtime.
As threat actors become more sophisticated and better at exploiting vulnerabilities, organizations struggle to reduce the attack surface and speed up patch and remediation actions.
There is still work to be done
More than 50% of the respondents said that organizing and prioritizing critical vulnerabilities takes up most of their time, followed by issuing resolutions for failed patches (19%), testing patches (15%), and coordinating with relevant departments to apply them (10%).
A little under half of the respondents said their company’s patch management protocols fail to stem risk properly.
The report illustrates this with major attacks where patching could have mitigated the risk. For instance, the WannaCry ransomware attack of 2017 encrypted about 200,000 computers in 150 countries, exploiting a vulnerability that had gone unpatched for months.