Software vendors are constantly publishing new patches to fix problems in software that they have sold. It is then up to the users of the software to apply the patches. Otherwise, they risk leaving themselves open to attack via the flaws that the vendors failed to spot when building the product in the first place.
Patch management has historically been a nightmare for IT and security teams: 12,174 common vulnerabilities and exposures (CVEs) were reported last year. The need to test these patches to ensure that they don't cause other unexpected problems means that there is often a delay in getting systems secured. This leaves a window that attackers can exploit. According to a new report from IBM and the Ponemon Institute, the average cost of a data breach in 2020 is $3.86 million.
All software has technical vulnerabilities that bad actors can exploit in countless ways. Therefore, the organizations that maintain these programs must routinely look for and address exploitable flaws before criminals discover them.
Every time a vulnerability is addressed, the software provider releases a patch, which needs to be applied by the organizations that use the program. This must be done promptly, because bad actors, now alerted to the vulnerability, will be actively looking for organizations that are still exposed to the threat.
Nearly 60 percent of data breaches in the past two years can be traced back to a missing operating system patch or application patch, researchers report. Poor patch management can be linked to the high costs of downtime and disruption. Both of these costs are magnified in larger organizations and are poised to escalate as businesses rush to support fully remote staff during this period of remote work.
Getting a handle on patch management is an unending challenge for IT and security teams. It takes the average organization 38 days to patch a vulnerability. Even then, 25 percent of software vulnerabilities remain unpatched for more than a year. Improved patching processes could strengthen enterprise defense against cybercrime, but costly downtime and disruptions mean that even "fire drill" vulnerabilities don't get patched.
One of the biggest obstacles to frequent patching is that security teams struggle to identify everything that needs to be fixed. When teams are understaffed and struggling with alert fatigue, it is hard to identify the systems that have yet to be updated, to prioritize remediation, and to apply patches quickly.