“From this research, it is clear that most enterprises recognize not only are they under-resourced in finding and managing their vulnerabilities, but they also have gaps around assessing the risk and getting full visibility across their IT assets,” said Larry Ponemon, founder and chairman of Ponemon Institute, “which no doubt led to that low confidence vote in their ability to avoid a data breach.”
According to the findings, too many organizations are struggling to maintain an adequate cybersecurity posture and avoid breaches. A key challenge noted is an inability to keep up with basic software vulnerability mitigation and patching – a fundamental component of security posture. Key data points include:
The low levels of confidence found in the research are in large part because security teams cannot properly resource the management of vulnerabilities – both identifying and patching them. This situation has become acute in vulnerability management because of the sheer volume of alerts for unpatched systems:
The result of this mismatch between alert volumes and limited resourcing is postponed patching, no prioritization of actions and a weaker cybersecurity posture:
When asked how they would like the industry to improve and innovate in vulnerability and risk management, respondents – especially those rated as “high performing organizations” – consistently cited requests for these additional capabilities not found in traditional solutions:
“We are not surprised by these findings from Ponemon Institute’s research,” said Gaurav Banga, founder and CEO of Balbix. “While respondents’ confidence levels in their ability to avoid a breach are obviously troubling, it is clear that most understand the reasons why -- alert volume, limited team resources, lack of visibility across assets, and very limited contextual risk. On the positive side, respondents cite a clear list of capabilities that can help them better see and manage their vulnerabilities, which will eventually improve their overall security posture.”