Nearly every day, there’s news about a new data breach or cyber threat. The ever-evolving threat landscape is putting businesses of all sizes on edge, including the cybersecurity professionals working for them. Despite efforts to curb attacks, they’re increasing — and there are reasons for this.
Cybercriminals are continuing to damage and disrupt computer systems and networks, even with all the security measures available to enterprises in today’s marketplace. The severity and volume of cyberattacks have increased an average of 27 percent and 17 percent in the past 12 months, respectively, according to a new ServiceNow report.
Conducted with the Ponemon Institute, the study, “Costs and Consequences of Gaps in Vulnerability Response,” surveyed nearly 3,000 security professionals — the majority of whom held management roles — in nine countries to understand how organizations are responding to vulnerabilities.
Even though the study found that cyberattacks across the board are increasing, there are ways for organizations to better protect themselves against cyber threat actors looking to exploit system and network vulnerabilities.
Understand the root causes of data breaches
While there are many root causes of data breaches, a few stand out from the pack.
The top three are human error, criminal external attack, and malicious insider, the study found.
Tackling the root causes of data breaches isn’t easy, especially if your resources are limited, but it’s key to limiting the number of significant cyber incidents within your organization.
Timely patching is critical to preventing data breaches
One of the top ways to target root causes of data breaches is by keeping patches — which fix security vulnerabilities and other bugs — up to date, which many companies fail to do for various reasons, one of which being negligence.
For example, even when patches are available, organizations fail to act. Sixty percent of the survey’s respondents said patching could’ve prevented some of the data breaches at their organizations over the past 12 months.
While IT operations and IT security operations are most responsible for patching, 88 percent of respondents said they must coordinate with other areas of the organization when patching vulnerabilities, which can add delays of up to 12 days, according to the study.
Time is of the essence in cybersecurity, and it’s now taking more time to patch critical vulnerabilities. It takes 16 days on average to patch a critical vulnerability after detection, the study found.
Even though timely patching is of the utmost importance, enterprises must also implement the right technologies to stay on par with their competition.
How organizations can combat cyber threat actors ahead in the game
The truth is this: Cybercriminals are winning. Enterprises aren’t doing enough to protect their networks and systems from cyber threat actors, and efforts to curb threats need to be improved.
The IT threat environment is becoming overly complex, making it extremely difficult for enterprises to keep up with how hackers are infiltrating networks and systems.
For example, many respondents (60 percent) said attackers are outpacing enterprises when it comes to using emerging technologies, including machine learning and Artificial Intelligence (AI).
Instead of using automation to patch vulnerabilities, many enterprises are still using manual processes (52 percent), putting them at immediate risk, according to the study.
Two ways to improve patch management include increasing automation and IT security staff, the survey’s respondents said.
While cyberattacks are increasing, you can still properly protect your organization by understanding the root causes of data breaches, staying up to date with patches, leveraging new technologies, and increasing the number of IT professionals protecting your networks and systems.