Many companies’ are not patching vulnerable systems in a timely manner, running systems that are no longer supported and have publicly available exploit code, according to new research from IT consulting firm Protiviti.

For the study, Protiviti conducted in-depth analysis of vulnerability scans and tests of IT systems and infrastructure at more than 500 organizations over a nine-year period that began in 2009.

In its analysis of the anonymous data, Protiviti found that easily patched vulnerabilities are not being fixed in a timely manner, particularly within applications. Another key finding is that organizations still run a large number of unsupported systems, which greatly raises the risk for breaches.

The most vulnerable companies come from the consumer products, financial services, healthcare and life sciences, technology, media and telecommunications, manufacturing and energy industries.

"Our hope is that companies will see the results of our study as a wake-up call to the potential vulnerability of their own IT systems, and then proactively make the necessary changes to protect the confidentiality, integrity and availability of the key business processes supported by IT operations,” said Scott Laliberte, managing director and global security and privacy practice leader at Protiviti.

A programmatic approach will be key to rectifying these vulnerabilities, according to Laliberte. These strategies include carrying out penetration testing and using automated tools as part of a patch-management program.

Register or login for access to this item and much more

All Digital Insurance content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access