Survey: Over half of breaches preventable with available patches

Research from the Ponemon Institute has revealed that 57 per cent of victims of cyberattacks say that the breach could have been prevented if an available patch had been installed. The research has highlighted the importance of frequent patching in preventing external attacks targeting application vulnerabilities.

Of the organisations surveyed in the report, 34 per cent said that they had been aware of the vulnerability, but had not acted to fix it. 78 per cent said that they don’t patch vulnerabilities within 24 hours of a patch being available, while 12 per cent said they only install critical patches when they have time.

The survey, which was conducted by the Ponemon Institute for ServiceNow, also revealed that 37 per cent of breach victims say that they don’t scan for system vulnerabilities. 74 per cent, meanwhile, claim that they are unable to patch quickly enough due to a lack of staff.

Experts have suggested that the problem stems from a “patching gap”, with security and IT staff often said to be lacking the necessary knowledge or resources to keep up with widely available patches for software vulnerabilities.

When asked how their organisation prioritises deploying critical patches, 22 per cent of firms said that they patch within the first 24 hours of release. 26 per cent deploy patches 2-3 days after release, while 21 per cent deploy 4-7 days after release.

13 per cent of firms say they only deploy once they have quality assured the patch themselves. 12 per cent only deploy available patches when they have time do so and 6 per cent said that they didn’t have a set policy.

Piero DePaoli, ServiceNow’s Senior Director of Product Marketing of Security Operations, has said that security teams are "overwhelmed” due to a lack of staff. In order to address the issue, DePaoli has argued that automated processes need to be relied upon more, which he says would help to reduce the burden on staff.