Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

More Than Half of Businesses Take up to a Month to Execute Security Updates

DZone's Guide to

More Than Half of Businesses Take up to a Month to Execute Security Updates

A tech industry executive discusses what this lag time in patching and updates means for the cybersecurity battle to come.

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

2017 has been quite a year. In addition to countless news stories about Russians trying to hack into our election systems, political organizations, and networks, we've done battle with ransomware attacks like WannaCry and Petya. Add the impact of the recent Equifax hack to the mix and there is little doubt that cyber warfare is now officially on the map.

In an era when IT teams were already stretched thin, this is not good news. The question then becomes, what do we do moving forward? How do these instances and attacks affect enterprise security priorities, policies, and practices? What are teams' most pressing issues and biggest challenges, and what needs to be done to address these concerns? To figure it out, we surveyed IT professionals at global organizations charged with securing more than 1,000 endpoints. Their answers provide a glimpse into where the future of enterprise security is headed.

Updates Are Anything but Simple

Across the board, survey respondents indicated the struggle to keep up with the pace and volume of Windows updates is a huge issue. In fact, in one of the survey's most startling statistics, 85 percent of respondents considered Windows updates a priority, but more than half shared that they can take up to a month to ensure systems are updated enterprise-wide. A month is a pretty long time to leave systems subject to vulnerabilities!

But it's not just Windows. From Office 365 to thousands of other third-party apps, IT teams have problems keeping track of what software is on which machines and which versions need to be updated. Vendors are now releasing security updates with increasing frequency (no one wants to be liable in the event of a breach). As a result, third-party patching has become a significant priority but one with undeniable complexity.

This leads to a lot of updating of security policies to shore up against vulnerabilities and guard against new attack strategies and threats. Companies are constantly being forced to change their policies around what solutions to use, how to configure systems and applications, what OS security features to enable/disable, what accounts and permissions should be allowed, and much more. It's a lot to take on and keep track of, to say the least.

Then tack on the challenge the network can present in the quest to maintain a secure enterprise. Thirty-eight percent of respondents shared that they did not consider delivery of security software and updates over their low-bandwidth network connections reliable. This poses yet another issue for teams tasked with determining if security updates even reach endpoints.

With all of this going on in the background, is it any wonder that only 12 percent of survey respondents indicated that they have enough people and resources to do security configuration management? IT teams reported not having the time to write automation scripts to keep systems in check, and nearly one-third noted that they don't have the necessary skills to create the automation they needed in the first place.

Bracing for Cyber Battle

But all is not lost! According to Gartner, security expenditures will grow 7 percent to $86.4 billion in 2017. Companies understand the threats and are identifying the gaps within their organizations. Some will add qualified staff, dedicated to specific aspects of endpoint security configuration management. Others will invest in automation solutions that dramatically simplify security, ensuring all endpoints remain secure while freeing up IT to deal with other pressing issues.

It is undoubtedly a tall order, but endpoint security is something that every business now realizes is non-negotiable. The days of waiting a month to update endpoints will soon be long gone because the consequences are simply too great. While we're not there yet, enterprises are gearing up to win the cybersecurity battle, and speed will be our most powerful weapon.

To view the complete Adaptiva 2017 Enterprise Endpoint Security Survey, click here.

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

Topics:
security ,patching ,software security ,cybersecurity ,patch management

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}