Singapore organizations caught in 'patching paradox'

08 May 18

Singapore organizations say they don’t have the resources to keep up with the volume of patches required to remediate software flaws – but more than half say they will hire more people to deal with vulnerability responses.

A recent report from ServiceNow and the Ponemon Institute polled 3000 security professionals worldwide (165 from Singapore). It found that Singapore ranked second highest among countries for respondents reporting insufficient resources to keep up with the volume of patching (78% compared to 72% globally).

However, 50% of those same global organizations say they will increase headcount, despite already dedicating a significant proportion of their resources to patching. In Singapore, 68% of respondents say they will hire more dedicated resources for patching over the next 12 months.

However, IT advocacy group ISACA says that hiring new staff will not solve the problem, especially as the global shortage of cybersecurity professionals may reach 2 million by 2019.

The ServiceNow report also says that there is a ‘patching paradox’ – hiring more people does not necessarily mean better security. Organizations need to fix their broken patching processes first.

“Adding more talent alone won’t address the core issue plaguing today’s security teams,” comments ServiceNow VP of APJ, Mitch Young.  

Organizations struggle with patching issues because they use manual processes and don’t prioritize what needs to be patched first.

The survey found that 58% of Singapore respondents attributed the root cause of data breaches in their organization to human error. Singapore security teams lost an average of 10 days manually coordinating patching activities across teams, and 60% say manual processes put them at a disadvantage when they try to patch vulnerabilities.

ServiceNow says efficient vulnerability responses are critical because timely patching is important for avoiding security breaches.

“Automating routine processes and prioritizing vulnerabilities helps organizations avoid the ‘patching paradox,’ instead focusing their people on critical work to dramatically reduce the likelihood of a breach,” Young adds.

Overall, 45% of Singapore respondents say they have experienced a data breach in the last two years. Of those, 57% say the breach was due to a known vulnerability.

“Most data breaches occur because of a failure to patch, yet many organizations struggle with the basic hygiene of patching,” Young says.

“Attackers are armed with the most innovative technologies, and security teams will remain at a disadvantage if they don’t change their approach.”

ServiceNow offers five key recommendations that provide organizations with a pragmatic roadmap to improve security posture:

· Take an unbiased inventory of vulnerability response capabilities.
· Accelerate time-to-benefit by tackling low-hanging fruit first.
· Regain time lost coordinating by breaking down data barriers between security and IT.
· Define and optimize end-to-end vulnerability response processes, and then automate as much as you can.
· Retain talent by focusing on culture and environment.