ServiceNow, Inc. today released new research, “Today’s State of Vulnerability Response: Patch Work Demands Attention,” based on a survey conducted with the Ponemon Institute with nearly 3,000 security professionals around the globe, including 165 respondents from Singapore. The survey was carried out to understand the effectiveness of current vulnerability response processes which companies use to prioritize and remediate flaws in software that could serve as attack vectors.
Singapore was the second highest country that reported insufficient resources to keep up with the volume of patches (78 percent compared to 72 percent globally). Globally, organisations, including those in Singapore, plan to increase patching headcount by 50 percent in the next 12 months.
However, the report revealed security’s “patching paradox” – hiring more people does not equal better security. While security teams plan to hire more staffing resources for vulnerability response – and may need to do so – they will not improve their security posture if they do not fix broken patching processes. Firms struggle with patching because they use manual processes and cannot prioritize what needs to be patched first. The study found that efficient vulnerability response processes are critical because timely patching is the most successful tactic companies employed in avoiding security breaches.
“Adding more talent alone won’t address the core issue plaguing today’s security teams,” said Mitch Young, VP and GM, APJ, ServiceNow. “Automating routine processes and prioritizing vulnerabilities helps organizations avoid the ‘patching paradox,’ instead focusing their people on critical work to dramatically reduce the likelihood of a breach.”