Singapore organizations caught in 'patching paradox'

08 May 18

Singapore organizations say they don’t have the resources to keep up with the volume of patches required to remediate software flaws – but more than half say they will hire more people to deal with vulnerability responses.

A recent report from ServiceNow and the Ponemon Institute polled 3000 security professionals worldwide (165 from Singapore). It found that Singapore ranked second highest among countries reporting insufficient resources to keep up with the volume of patching (78% compared to 72% globally).

However, 50% of those same global organizations say they will increase headcount, despite already dedicating a significant proportion of their resources to patching. In Singapore, 68% of respondents say they will hire more dedicated resources for patching over the next 12 months.

However, IT advocacy group ISACA says that hiring new staff will not solve the problem, especially as the global shortage of cybersecurity professionals may reach 2 million by 2019.

The ServiceNow report also says that there is a ‘patching paradox’ – hiring more people does not necessarily mean better security. Organizations need to fix their broken patching processes first.

“Adding more talent alone won’t address the core issue plaguing today’s security teams,” comments ServiceNow VP of APJ, Mitch Young.  

Organizations struggle with patching issues because they use manual processes and don’t prioritize what needs to be patched first.

The survey found that 58% of Singapore respondents attributed the root cause of data breaches in their organization to human error. Singapore security teams lost an average of 10 days manually coordinating patching activities across teams, and 60% say manual processes put them at a disadvantage when they try to patch vulnerabilities.

ServiceNow says efficient vulnerability responses are critical because timely patching is important for avoiding security breaches.

“Automating routine processes and prioritizing vulnerabilities helps organizations avoid the ‘patching paradox,’ instead focusing their people on critical work to dramatically reduce the likelihood of a breach,” Young adds.

Overall, 45% of Singapore respondents say they have experienced a data breach in the last two years. Of those, 57% say the breach was due to a known vulnerability.

“Most data breaches occur because of a failure to patch, yet many organizations struggle with the basic hygiene of patching,” Young says.

“Attackers are armed with the most innovative technologies, and security teams will remain at a disadvantage if they don’t change their approach.”

ServiceNow offers five key recommendations that provide organizations with a pragmatic roadmap to improve security posture:

· Take an unbiased inventory of vulnerability response capabilities.

· Accelerate time-to-benefit by tackling low-hanging fruit first.

· Regain time lost coordinating by breaking down data barriers between security and IT.

· Define and optimize end-to-end vulnerability response processes, and then automate as much as you can.

· Retain talent by focusing on culture and environment.
