After last summer saw massive ransomware attacks like WannaCry and NotPetya hit companies, the cybersecurity advice given to others was to patch systems quickly. However, many companies still struggle with the resources needed to do so, according to a recent survey from Sungard AS.
Some 73% of organizations said it is "very common" or "common" to have just one person responsible for alerting the business to vulnerabilities, and also applying patches and updates to systems and software, the survey of 510 IT and cybersecurity leaders found.
While nearly half of companies (48%) said that they implement security patches automatically via an automated process, many others lag behind: 25% said they do so within a day of a patch being released, 15% said within a week, 6% said within a month, and 3% said within a quarter. One percent said that security patches were rarely implemented at all, according to the survey.
SEE: Security awareness and training policy (Tech Pro Research)
Unsurprisingly, 62% of organizations said they were concerned by the rate at which they deployed patches and updates to systems, for fear that it may lead to a data breach. Nearly half (43%) of companies surveyed said they had suffered a cyberattack, hack, or data breach in the past year, the survey found.
The majority of companies do have one safeguard to mitigate ransomware in place: Backing up data frequently. Some 25% of organizations said they backup critical data, information, and systems hourly, 52% said daily, 4% said bi-weekly, and 4% said monthly, according to the survey. Having a backup means that if your business is hit by ransomware, you can wipe your systems and restore from the backup, rather than paying a hacker to decrypt your critical information.
In terms of what organizations are doing to educate employees about cyberthreats, 42% said they have cybersecurity-specific training in place. Some 27% said they do random testing, like mock phishing emails sent to employees, while 26% said they send cybersecurity communications out. Only 4% of respondents said their company has no training in place.
The big takeaways for tech leaders:
- 73% of organizations said it is common to have just one person responsible for alerting the business to vulnerabilities, and also applying patches and updates to systems and software. — Sungard AS, 2018
- 62% of organizations are concerned by the rate at which they deployed patches and updates to systems. — Sungard AS, 2018