Organizations that are not good at cyber vulnerability management are more likely to have wider cybersecurity issues, according to a research report posted at S&P Global.
The research suggests that seeing the whole picture is key. Along those lines, the research note suggests that companies are best off if they base remediation priorities on the probability and potential severity and damage of an exploit.
“We consider vulnerability management to be a critical part of an issuer’s cybersecurity preparedness and indications of weak management of security flaws can weigh on our assessment of an entity’s risk management,” the report note said. The primary analyst was Paul Alvarez.
It is an important area to which attention must be paid. The S&P Global report found that there has been a growth in identified cybersecurity vulnerabilities. The research note, entitled “Cyber Risk Insight: Poor Cyber Vulnerability Management Can be a Governance Issue,” said the increase in recognized vulnerabilities is likely being driven by security competitions, “bug bounty” programs, and improved detection tools and techniques.
Vulnerability exploitation has cost more money and operational damage to groups directly and at a system level. They can be mitigated through well thought-out system redundancy design, rapid response, and cyber insurance. The increasing pace of vulnerabilities highlights the importance of proactive identification and elimination of vulnerabilities.
The S&P Global report pointed out that some systems are more vulnerable to cybersecurity attacks than others. For instance, those directly connected to the internet are more at risk than those that are not.
The firm also said that older vulnerabilities still can be exploited and, since those running the exploits are familiar with them, can be more effective. The report noted that vulnerabilities discovered in 2016 were the largest portion of those researchers found (28%), and almost a third were discovered seven or more years ago.
