Singapore organizations caught in 'patching paradox'

08 May 2018

Singapore organizations say they don’t have the resources to keep up with the volume of patches required to remediate software flaws – but more than half say they will hire more people to deal with vulnerability responses.

A recent report from ServiceNow and the Ponemon Institute polled 3000 security professionals worldwide (165 from Singapore). It found that Singapore ranked second highest among countries reporting insufficient resources to keep up with the volume of patching (78% compared to 72% globally).

However, 50% of those same global organizations say they will increase headcount, despite already dedicating a significant proportion of their resources to patching. In Singapore, 68% of respondents say they will hire more dedicated resources for patching over the next 12 months.

However, IT advocacy group ISACA says that hiring new staff will not solve the problem, especially as the global shortage of cybersecurity professionals may reach 2 million by 2019.

The ServiceNow report also says that there is a ‘patching paradox’ – hiring more people does not necessarily mean better security. Organizations need to fix their broken patching processes first.

“Adding more talent alone won’t address the core issue plaguing today’s security teams,” comments ServiceNow VP of APJ, Mitch Young.  

Organizations struggle with patching issues because they use manual processes and don’t prioritize what needs to be patched first.

The survey found that 58% of Singapore respondents attributed the root cause of data breaches in their organization to human error. Singapore security teams lost an average of 10 days manually coordinating patching activities across teams, and 60% say manual processes put them at a disadvantage when they try to patch vulnerabilities.

ServiceNow says efficient vulnerability responses are critical because timely patching is important for avoiding security breaches.

“Automating routine processes and prioritizing vulnerabilities helps organizations avoid the ‘patching paradox,’ instead focusing their people on critical work to dramatically reduce the likelihood of a breach,” Young adds.

Overall, 45% of Singapore respondents say they have experienced a data breach in the last two years. Of those, 57% say the breach was due to a known vulnerability.

“Most data breaches occur because of a failure to patch, yet many organizations struggle with the basic hygiene of patching,” Young says.

“Attackers are armed with the most innovative technologies, and security teams will remain at a disadvantage if they don’t change their approach.”

ServiceNow offers five key recommendations that provide organizations with a pragmatic roadmap to improve security posture:

· Take an unbiased inventory of vulnerability response capabilities.

· Accelerate time-to-benefit by tackling low-hanging fruit first.

· Regain time lost coordinating by breaking down data barriers between security and IT.

· Define and optimize end-to-end vulnerability response processes, and then automate as much as you can.

· Retain talent by focusing on culture and environment.