Companies keep getting breached by vulnerabilities they already knew about
Overview
A recent survey by Vicarius reveals a troubling trend in cybersecurity: many companies are getting breached by vulnerabilities they were already aware of. Despite advanced scanning tools that help identify weaknesses across systems, organizations struggle with the subsequent steps of fixing these vulnerabilities. The survey included responses from 300 IT and cybersecurity leaders in the U.S. and the U.K., highlighting a significant gap in the process of assigning, approving, deploying, and confirming fixes. This issue raises concerns about the effectiveness of current cybersecurity strategies and the potential risks to sensitive data. Organizations need to address these gaps to better protect themselves from breaches that could have been prevented.
Key Takeaways
- Action Required: Organizations should improve their processes for assigning, approving, deploying, and confirming vulnerability fixes.
- Timeline: Ongoing since survey conducted
Original Article Summary
Scanning tools have gotten good at their work. Organizations now find more weaknesses across more of their systems than at any earlier point in the industry’s history. A survey from the security firm Vicarius points to a gap that opens after that discovery, in the work of assigning, approving, deploying, and confirming a fix. The company surveyed 300 IT and cybersecurity leaders in the United States and the United Kingdom, at organizations with 500 to … More → The post Companies keep getting breached by vulnerabilities they already knew about appeared first on Help Net Security.
Impact
Not specified
Exploitation Status
No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.
Timeline
Ongoing since survey conducted
Remediation
Organizations should improve their processes for assigning, approving, deploying, and confirming vulnerability fixes.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.