Risk-based vulnerability management solution provider Balbix and the Ponemon Institute released a new study: “Challenging State of Vulnerability Management Today: Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture.”
The survey reached 600 cybersecurity professionals in over 15 different vertical industries. Nearly three quarters of those surveyed work at enterprises with over 1,000 employees. The study illuminates the issues facing most enterprises’ cybersecurity posture and the need for better vulnerability management.
Some of the key findings from the Balbix and Ponemon Institute study include:
- 68% of cybersecurity professionals say their staffing does not adequately support their cybersecurity posture.
- 15% say patching efforts prove highly effective.
- 67% feels they lack the time and resources to mitigate all of their digital vulnerabilities.
- 59% of cybersecurity professionals say they have ineffective vulnerability programs.
- Of those with an ineffective vulnerability program, 63% say their inability to act on a large number of alerts most negatively affects their cybersecurity posture.
- 60% say a lack of visibility across all IT asset types constitutes a challenge to their cybersecurity posture.
- 56% feel concerned they cannot predict which assets would end up compromised or where they could suffer a compromise.
Ultimately, only one in three businesses feel confident they could avoid a data breach.
Vulnerability Management and SIEM
Enterprises’ inability to determine their most critical vulnerabilities and their most essential assets speaks to fundamental visibility issues their IT security teams must address as quickly as possible.
You cannot manage what you cannot see, nor can you protect it. This remains one of the most repeated and yet least heeded refrains in cybersecurity overall. Enterprises continue to try to deploy vulnerability management and SIEM solutions across the entirety of their network simultaneously instead of developing their network visibility.
Oftentimes, this leads to deployment issues. IT teams become overwhelmed by the scope of the project and unable to properly manage their solutions; the solutions generate too many alerts or require too many inputs to function optimally.
Therefore, before you properly deploy your vulnerability management or SIEM solution, you need to do a full assessment of your IT resources, assets, and locations. Strong InfoSec policies depend on understanding where you need the most protection. Then you can deploy the solutions in those vulnerable areas first before expanding it across the network. Work with your solution provider to develop a concrete plan which can translate into a strong cybersecurity posture.
In conclusion, for more on the Balbix and the Ponemon Institute Challenging State of Vulnerability Management Today: Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture,” you can download it here.
Latest posts by Ben Canner (see all)
- 5 Key Security Analytics Capabilities for Security Operations Centers - October 17, 2019
- 40 Percent of Security Practitioners Don’t Report to the Board - October 15, 2019
- What Do SIEM Components Actually Do For Enterprises? - October 10, 2019