Attackers will always go for the low-hanging fruit, the proverbial 'unlocked door,' over a more complex method of compromise. As long as these older vulnerabilities are present, they'll continue to be exploited. Organizations should really be aiming to fix vulnerabilities on their systems as rapidly as is feasible. Any gap in applying a patch to a vulnerability provides an opportunity for hackers to access systems and steal confidential data.Survey respondents were split on the need to prioritize people vs. technology resources to mitigate today's cyberattacks; 54 percent believe that an investment in people is needed most, while 46 percent said technology. Vulnerability management begins with asset discovery, or creating an inventory of all known hardware and software installed on their networks. This this difficult to do manually at large organizations. However, the survey revealed that only 17 percent of organizations have automated tools which enable them to identify the locations, department and other critical details about unauthorized hardware and software changes on their network. Erlin added:
If you don’t know what devices are on your network, you’re setting yourself up to fail in terms of securing it. For some organisations, doing this manually is just unrealistic and too challenging, which is why automated technology solutions exist to address this issue. Those who can identify these changes and additions to their networks within minutes will be in a much more comfortable position when it comes to security.Companies can best prioritize risk in their IT environments by investing in a solution that can discover all their hardware and software for them. They must also deploy a project that provides a suitable metric when it comes to vulnerability and risk management. Fortunately for them, Tripwire has developed such an objective metric and incorporated it into its Tripwire IP360 solution. To learn more about Tripwire's vulnerability scoring system, please download this paper.