
So many software vulnerabilities, so little time. But failure to patch them can have serious consequences. Here's help for overwhelmed security teams.

Kacy Zurkus, Contributing Writer

August 20, 2019


In theory, anyone who depends on software should patch a vulnerability as quickly as possible. That goes for consumers as well as enterprises. In hindsight, Equifax would likely agree. The major breach of 2017 was, in part, the result of a failure to patch in a timely manner, writes security thought leader Kevin E. Green. But there are many reasons why patching doesn't happen quickly. Or at all. 

According to the "2019 Vulnerability and Threat Trends Research Report," published by Skybox Security, part of the problem is that security teams are overwhelmed by the number of new vulnerabilities — 16,000 were reported last year — which makes patching rather unmanageable. Some organizations can't patch quickly because the risk of downtime far surpasses that of the vulnerability. Still others don't have a patching policy in place that identifies who is responsible for patching what and when.

"When you consider that [quality assurance] testing should take place before a patch is rolled out, and that many organizations have to work around defined 'downtime windows,' it becomes clear that every organization, every day of the year, is vulnerable to known attack vectors," says Bob Noel, VP of strategic relationships for Plixer.

So how can security teams make patching a smoother process? Here are five ways. 


About the Author(s)


Kacy Zurkus is a cybersecurity and InfoSec freelance writer as well as a content producer for Reed Exhibition's security portfolio. Zurkus is a regular contributor to Security Boulevard and IBM's Security Intelligence. She has also contributed to several publications, including CSO Online, The Parallax, InfoSec Magazine, and K12 Tech Decisions. She covers a variety of security and risk topics and has also spoken on a range of cybersecurity topics at conferences and universities, including Secure World and NICE K12 Cybersecurity in Education. 
