In response to the findings of a recent study from Outpost24 which revealed that 42 percent of IT professionals have ignored critical security issues because they couldn’t fix them, IT security experts commented below.
Marten Mickos, CEO at HackerOne:
“We see over and over the impact of known vulnerabilities that go unpatched with exceptional cases like the Equifax breach, and it is fantastic news that 58% of IT professionals do not ignore these critical security issues. It can take around 22 days to create an exploit for a known vulnerability so we must make it easier for organizations to prioritize fixes to protect their customers.”
Koby Kilimnik, Security Research Specialist at Imperva:
“A dedicated team that has a “security first” priority should be the one in charge of protecting your assets. If you can’t afford one internally, you should rely on a security solution that provides additional support. Additionally, to be effective, security departments must test every suspected vulnerability, which takes time and resources. This can get frustrating for security teams that are already small and stretched thin.
Not only are organizations broadening their online presence, the applications that make up an online presence are becoming vastly more complicated, with components that speak to mobile devices, other applications, laptops and desktops, and even IoT. These complex connections massively increase the playing field that hackers, good and bad, can use to find and exploit vulnerabilities.
Also, this ever-expanding playing field for hackers means that security teams within the organizations now need to get much larger and much smarter, or find more hours in a day. The security teams aren’t getting larger and they haven’t found any more hours in the day, but they have smartly begun to use technology to help fill many of these gaps. Automated application security is often brought to bear on the problem, allowing fewer security professionals to cover a larger playing field.”
Ondrej Kubovic, Security Awareness Specialist at ESET:
“I don’t think IT professionals “ignore” problems in their systems. More often they tend to have limited budget which means they are forced to prioritize some tasks over others.”