The latest malware or DDoS attack may have more public visibility, but it’s the backlog of patches to resolve known vulnerabilities that is the primary factor putting enterprises at risk for audit failures and security breaches.
In most cases, enterprises are barely staying current with critical patch releases. Enterprises have thousands of pieces of software, including mobile apps, cloud-native applications and legacy systems of record. This software is a mix of commercial off-the-shelf (COTS), open source and custom-built code. New vulnerabilities emerge almost daily across the entire spectrum of software applications running in the enterprise.
Given the never-ending stream of available patches, shrinking enterprise IT operations staff and limited enterprise security staff, deciding which patches to apply first is a high priority. Yet most organizations are overwhelmed by the sheer volume of patches. A recent Ponemon study shows that “65% of enterprises say they find it difficult to prioritize what needs to be patched first.” Prioritizing patches is necessary if you have a backlog of patches. But the best patch management strategy is to stay current altogether.