Vulcan Cyber – which offers a risk-based remediation platform for infrastructure, application and cloud-based security – published the results of a new survey into cyber-risk remediation initiatives and their impact on business operations.
Of note, about 76 percent of respondents in the Pulse-conducted “How Are Businesses Mitigating Cyber Risk?” study revealed that a security vulnerability had impacted their business over the past year. The findings, Vulcan noted, “underscore the pervasive impact security vulnerabilities continue to have on business, as well as the ineffectiveness of traditional approaches to vulnerability management.”
Other findings of note include 52 percent of those surveyed placing just a “moderate level of importance” on risk-based vulnerability management, compared to the 33 percent who consider it “very important.” Meanwhile, average vulnerability dwell times ranged from one day (46 percent) to “more than a week” (31 percent).
At the same time, 30 percent evaluate cyber-risk using external models such as ATT&CK; 27 percent use a “home-grown scoring model” and 20 percent employ business-oriented models such as FAIR. The most common vulnerability scanners employed by IT security teams for infrastructure scanning, in descending order, included Qualys, CrowdStrike, AWS Inspector, Tenable.sc, Tenable.io, Palo Alto Networks’ Prisma Cloud, Rapid7 InsightVM, Rapid7 Nexpose, Orca and Aqua Security. Prisma Cloud, meanwhile, is the most popular for applications. More than three-quarters of respondents place the same risk analytics prioritization on infrastructure and application security.
“There is a clear and widening gap between enterprise vulnerability management programs and the ability of IT security teams to actually mitigate risk facing their organizations,” said Yaniv Bar-Dayan, CEO and co-founder, Vulcan Cyber. “As security vulnerabilities proliferate across digital surfaces, it’s increasingly critical that all enterprise IT security stakeholders make meaningful changes to their cyber hygiene efforts.”
Pulse and Vulcan Cyber surveyed 200 “cybersecurity leaders.”