BitSight Research Finds Organizations Failing to Keep Pace with the Increase in Cyber Vulnerabilities
BitSight, a leader in detecting and managing cyber risk, today unveiled new research which found that the cybersecurity vulnerability remediation rate for over 100,000 organizations around the world currently sits at a critically low 5%. While vulnerability management is one of the most important things an organization can do to reduce the risk of experiencing a cybersecurity incident, this research shows the extent to which many organizations still struggle to implement an effective vulnerability management program.
These findings come as the number of disclosed vulnerabilities and known exploited vulnerabilities has increased over the last year, while the modern organizational attack surface continues to expand with increased investment in cloud infrastructure, adoption of internet-connected devices, growing dependence on third-party vendors and the growth of the remote workforce. This makes it difficult for organizations to properly identify enterprise assets and systems, let alone ensure they are kept secure by receiving the latest remediations.
"It's clear organizations face significant challenges in discerning and managing vulnerabilities in their own organization and across their extended third-party ecosystem," said BitSight CTO Stephen Boyer. "Cybersecurity leaders need a complete view of their organization's attack surface and better see where their cyber risk lies – including third-party risk – so they can protect their organizations and meet the expectations of critical stakeholders like the Board, investors, insurers, and regulators."
To reduce overall cyber risk and foster trust within the organization, BitSight recommends security leaders implement the following program items:
- Prioritize vulnerability management – From the top down, vulnerability management should be considered critical to organizational security. This means putting adequate resources into your program, including human resources, technology solutions, and pillars that guide governance.
- Identify your attack surface – Lacking visibility into the internal and external assets comprising your attack surface leaves you vulnerable to cyberattacks, and failing to effectively manage your attack surface leaves your organization vulnerable to breaches, ransomware, and other cybersecurity incidents.
- Understand third-party cyber risks – A successful attack on your third-party suppliers and vendors could potentially result in business disruption, financial loss, reputational harm, and even compromise your internal systems and data.
- Communicate effectively with stakeholders – As the number of stakeholders concerned about cybersecurity grows to include the Board, executives, the capital markets and more, so do the expectations for effective management. Building, maintaining, and communicating a strong cybersecurity program is critical to establishing trust with these stakeholders.
For this study, BitSight analyzed 140 medium, high, and critical software vulnerabilities across over 100,000 organizations around the world with varying rates of remediation at the time of observation.
For more information, the full study can be viewed here.