A report from telemetric data analysis revealed that less than half of companies do proper vulnerability testing. The data also includes business criticality as one of the key elements of their cyber defence risk reduction.
Based on the data only 5% of the organisations are testing their applications with the latest penetration testing software. On the other side, 33% of the companies are following the minimalist approach to vulnerability assessments to comply with cybersecurity regulations.
A study revealed that cyber attackers usually have a median seven-day window of opportunity to exploit a known vulnerability before the company fixes it.
“This research is a call to action for our business to get serious about providing the advantage back to cyber defenders, starting with the accurate and disciplined assessment of vulnerabilities as the basis for mature vulnerability management and ultimately, cyber exposure.”
The research was conducted using telemetry data that was gathered for three months from over 60 different nations.
The companies have been categorized with levels such as surveyor and investigator approaches based on the assessments with a high maturity.
The surveyor approach is characterised by a broad-scope of vulnerability assessments with less authentication and customisation of scanning procedures. While the investigator approach is characterised by the execution of the vulnerability assessments on selective assets. 45% of the companies follow this approach.
“Considering the challenges associated in managing vulnerabilities, ensuring buy-in from management, cooperating with disparate enterprise units such as IT operations, maintaining staff and skills, and the complexities of scale, this is a great achievement and provides a solid basis upon which to mature further,” the report said.
Find the full report HERE