42 percent of IT Professionals Ignore Critical Security Flaws

It can take around 22 days to create an exploit for a known vulnerability

In response to the findings of a recent study from Outpost24, which revealed that 42 percent of IT professionals have ignored critical security issues because they couldn’t fix them, security experts at HackerOne, Imperva and ESET have commented.

Marten Mickos, CEO of HackerOne, said: “We see over and over the impact of known vulnerabilities that go unpatched with exceptional cases like the Equifax breach, and it is fantastic news that 58 percent of IT professionals do not ignore these critical security issues. It can take around 22 days to create an exploit for a known vulnerability, so we must make it easier for organizations to prioritize fixes to protect their customers.”

Koby Kilimnik, security research specialist at Imperva, said: “A dedicated team that has a ‘security first’ priority should be the one in charge of protecting your assets. If you can’t afford one internally, you should rely on a security solution that provides additional support. Additionally, to be effective, security departments must test every suspected vulnerability, which takes time and resources. This can get frustrating for security teams that are already small and stretched thin.

“Not only are organizations broadening their online presence, the applications that make up an online presence are becoming vastly more complicated, with components that speak to mobile devices, other applications, laptops and desktops, and even IoT. These complex connections massively increase the playing field that hackers, good and bad, can use to find and exploit vulnerabilities.

“Also, this ever-expanding playing field for hackers means that security teams within the organizations now need to get much larger and much smarter, or find more hours in a day. The security teams aren’t getting larger and they haven’t found any more hours in the day, but they have smartly begun to use technology to help fill many of these gaps. Automation application security is often brought to bear on the problem allowing fewer security professionals to cover a larger playing field.”

Ondrej Kubovic, security awareness specialist at ESET, said: “I don’t think IT professionals ‘ignore’ problems in their systems. More often, they tend to have limited budget, which means they are forced to prioritize some tasks over others.”

