Too Fast and Too Frivolous – Cyber Attacks Speed Ahead By 15x, While Companies Stall In Addressing Vulnerabilities According to SecurityScorecard…

Despite a 15-fold increase in cyber-attacks, only 60% of organizations have improved their security posture.

The findings are explained in SecurityScorecard's report, The Fast and Frivolous: Pacing Remediation of Web-Facing Vulnerabilities.

Only 10% of vulnerabilities are remediated each month

To measure the speed and progress of remediation, SecurityScorecard's research examined how quickly issues were addressed and how long they persisted across assets. The research showed that the financial sector had among the slowest remediation rates (median to fix 50% = 426 days), while utilities ranked among the fastest (median = 270 days). Somewhat surprisingly, despite a 15-fold increase in exploitation activity for vulnerabilities with published exploit code, there was little evidence that organizations in this sector fixed exploited flaws faster. Regardless of how many total vulnerabilities existed across their domain(s), organizations typically fixed about 10% of weaknesses each month.

"Vulnerabilities likely exist with vendors and service providers, which necessitates the need for continuous visibility into the entire ecosystem," said Wade Baker, partner and co-founder at the Cyentia Institute. "With greater visibility, organizations can prioritize risks and remediation based on data. This is key to effectively addressing cyber vulnerabilities."

Where the vulnerabilities exist

The research shows the "Information" sector (62.6%) and "Public" sector (61.6%) had the highest prevalence of open vulnerabilities. The "Financial" sector (48.6%) exhibited the lowest proportion of open vulnerabilities; however, there is less than a 10% difference between this and other sectors in terms of industries with the most open vulnerabilities. The analysis revealed that it typically takes organizations 12 months to remediate half of the vulnerabilities in their internet-facing infrastructure. When firms have fewer than 10 open vulnerabilities, it can take about a month to close just half of them, but when the list grows into the hundreds, it takes up to a year to reach the halfway point.

SecurityScorecard collects and analyzes global threat signals that give organizations instant visibility into the security posture of vendors and business partners as well as the capability to do a self-assessment of their own security posture. The technology continuously monitors 10 groups of risk factors to instantly deliver an easy-to-understand A-F rating. Additionally, SecurityScorecard Ratings with Attack Surface Intelligence provides visibility into IP, network, domain or vendor's attack surface risk data, all in one pane of glass. This actionable, deep threat intelligence helps customers identify all of an organization's connected assets, expose previously unknown threats, conduct investigations at scale and prioritize vendor remediation.

For more information on the SecurityScorecard cybersecurity ratings platform or to request a demo, visit http://www.securityscorecard.com.

About SecurityScorecard

Funded by world-class investors including Evolution Equity Partners, Silver Lake Waterman, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 30,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard is the first cybersecurity ratings company to offer digital forensics and incident response services, providing a 360-degree approach to security prevention and response for its worldwide customer and partner base. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.

SOURCE Security Scorecard
