Hackuity has released a new report highlighting the mounting pressure faced by security teams as they grapple with an increasing number of Common Vulnerabilities and Exposures (CVEs).
Focusing on the challenges of vulnerability management, the report draws insights from 200 IT security decision-makers in the UK and APAC regions.
Growing Pressure on Security Resources
As CVEs continue to multiply, nearly half of the respondents, at 46%, indicate that this influx has strained their security resources, affecting both corporate security and staff wellbeing.
Furthermore, 26% confess that this pressure has led to data breaches, and more than a third, 36%, report that it resulted in regulatory penalties.
Additionally, 36% experienced delayed incident responses, while 33% admit to missing security alerts due to these pressures. The human impact is notable, with 38% acknowledging that these stresses have led to team burnout.
Consequences of Insufficient Vulnerability Management
Sylvain Cortes, VP Strategy at Hackuity, emphasized the negative effects these pressures have on organizations and their teams' well-being. "We know that teams are feeling the pressure right now - but what’s most concerning is the knock-on effect this is having on organizations and on the team’s well-being," Cortes stated.
He underscored the real-world consequences stemming from poorly managed vulnerabilities, such as missed alerts and financial penalties, emphasizing that the constant barrage of alerts is both stressful and costly.
Current approaches to Vulnerability Management
Despite the urgency, only 36% of organizations utilize a risk-based approach to vulnerability management
Despite the urgency, only 36% of organizations utilize a risk-based approach to vulnerability management, focusing on factors such as asset criticality, exploitability, and business impact.
Most organizations, however, report having formalized processes for identifying vulnerabilities, yet vulnerability management (VM) struggles to obtain the same priority as other IT security projects, as noted by 60% of respondents.
Challenges in remediation and Budget Constraints
The report highlights that the average time to remediate critical vulnerabilities is four weeks, although 21% of organizations report that it can take between one and three months to address these issues.
Operational and budgetary limitations further complicate VM efforts, with 43% citing operational constraints and 41% pointing to financial restrictions.
Staff and skills shortages also pose significant hurdles, with 29% of respondents identifying a lack of in-house skills and 25% noting that frequent staff turnover hinders improvements in VM practices.
Need for Enhanced Security Strategies
Sylvain Cortes stressed the importance of equipping security teams with the necessary tools and intelligence to manage the growing complexity of vulnerabilities effectively.
"Security leaders need to look at how they’re equipping their teams to make sure they can keep pace with the rising volume and complexity of vulnerabilities," Cortes remarked, warning of the wasted time and resources without proper context and intelligence surrounding alerts.
Find out about secure physical access control systems through layered cybersecurity practices.
