More Than Half of Businesses Take up to a Month to Execute Security Updates — What It Means for the Cyber Battle to Come
By Anne Baker, Vice President of Marketing, Adaptiva
2017 has been quite a year. In addition to countless news stories about Russians trying to hack into our election systems, political organizations, and networks, we’ve done battle with ransomware attacks like WannaCry and Petya. Add the impact of the recent Equifax hack to the mix and there is little doubt that cyber warfare is now officially on the map.
In an era when IT teams were already stretched thin, this is not good news. The questions then become: What do we do moving forward? How do these instances and attacks affect enterprise security priorities, policies, and practices? What are teams’ most pressing issues and biggest challenges, and what needs to be done to address these concerns? To figure it out, we surveyed IT professionals at global organizations charged with securing over 1,000 endpoints. Their answers provide a glimpse into where the future of enterprise security is headed.
Updates Are Anything but Simple
Across the board, survey respondents indicated that the struggle to keep up with the pace and volume of Windows updates is a huge issue. In fact, in one of the survey’s most startling statistics, 85 percent of respondents considered Windows updates a priority, but more than half shared that they can take up to a month to ensure systems are updated enterprise-wide. A month is a pretty long time to leave systems subject to vulnerabilities!
But it’s not just Windows. From Office 365 to thousands of other third-party apps, IT teams have problems keeping track of what software is on which machines and which versions need to be updated. Vendors are now releasing security updates with increasing frequency (no one wants to be liable in the event of a breach). As a result, third-party patching has become a significant priority but one with undeniable complexity.
This leads to a lot of updating of security policies to shore up against vulnerabilities and guard against new attack strategies and threats. Companies are constantly being forced to change their policies around what solutions to use, how to configure systems and applications, what OS security features to enable/disable, what accounts and permissions should be allowed, and much more. It’s a lot to take on and keep track of, to say the least.
Then tack on the challenge the network can present in the quest to maintain a secure enterprise. Thirty-eight percent of respondents shared that they did not consider delivery of security software and updates over their low-bandwidth network connections reliable. This poses yet another issue for teams tasked with determining if security updates even reach endpoints.
With all of this going on in the background, is it any wonder that only 12 percent of survey respondents indicated that they have enough people and resources to do security configuration management? IT teams reported not having the time to write automations to keep systems in check, and nearly one-third noted that they don’t have the necessary skills to create those automations in the first place.
Bracing for Cyber Battle
But all is not lost! According to Gartner, security expenditures will grow 7 percent to $86.4 billion in 2017. Companies understand the threats and are identifying the gaps within their organizations. Some will add qualified staff, dedicated to specific aspects of endpoint security configuration management. Others will invest in automation solutions that dramatically simplify security, ensuring that all endpoints remain secure while freeing up IT to deal with other pressing issues.
It is undoubtedly a tall order, but endpoint security is something that every business now realizes is non-negotiable. The days of waiting a month to update endpoints will soon be long gone because the consequences are simply too great. While we’re not there yet, enterprises are gearing up to win the cyber security battle, and speed will be our most powerful weapon.
To view the complete Adaptiva 2017 Enterprise Endpoint Security Survey, please visit http://www2.adaptiva.com/survey/2017-endpoint-security.
As first published in VMBlog.com.
As vice president of marketing at Adaptiva, Anne Baker brings to the company a unique combination of over 15 years of high-tech marketing experience with a technical engineering background. Anne holds a mechanical engineering degree from Cornell University and an MBA from Seattle University. Her work has earned her recognition as one of the “100 Top Women in Seattle Technology” by the Puget Sound Business Journal and one of the “Top 50 Women in Mobile Content” by Mobile Entertainment Magazine. Anne has led the launch strategies for emerging start-up companies as well as created global campaigns for leading technology companies, such as Microsoft and SAP. For more information, please visit www.adaptiva.com, and follow the company at LinkedIn, Facebook, and Twitter.