Organizations slow to address system vulnerabilities

Many companies are not patching vulnerable systems in a timely manner and are running systems that are no longer supported and have publicly available exploit code, according to new research from IT consulting firm Protiviti.


For the study, Protiviti conducted in-depth analysis of vulnerability scans and tests of IT systems and infrastructure at more than 500 organizations over a nine-year period that began in 2009.

In its analysis of the anonymous data, Protiviti found that easily patched vulnerabilities are not being fixed in a timely manner, particularly within applications. Another key finding is that organizations still run a large number of unsupported systems, which greatly raises the risk for breaches.

The most vulnerable companies come from the consumer products, financial services, healthcare and life sciences, technology, media and telecommunications, manufacturing and energy industries.

“Our hope is that companies will see the results of our study as a wake-up call to the potential vulnerability of their own IT systems, and then proactively make the necessary changes to protect the confidentiality, integrity and availability of the key business processes supported by IT operations,” said Scott Laliberte, managing director and global security and privacy practice leader at Protiviti.

A programmatic approach will be key to rectifying these vulnerabilities, according to Laliberte. These strategies include carrying out penetration testing and using automated tools as part of a patch-management program.

This story originally appeared in Information Management.