Security News > 2022 > February > Even when warned, businesses ignore critical vulnerabilities and hope for the best
When tested, 28% of businesses had critical vulnerabilities - vulnerabilities that could be immediately exploited by cyber attacks.
A quarter of businesses neglected to fix those critical vulnerabilities, even though penetration testing had highlighted them to the business after a retest was completed.
Many vulnerabilities that are not addressed within the first year are never remediated, and more stringent regulation means businesses must begin to address these historic vulnerabilities if they are to avoid sanction and remain secure.
"Oliver Pinson-Roxburgh, CEO at Bulletproof, said:"Our research found that even when alerted to critical vulnerabilities which could be exploited by attackers, a quarter of businesses chose to leave them and hope for the best.
"Most businesses we work with do tackle the highest priority threats, but they are faced with limited time and resources. The problem we see is that almost every business is expanding its digital capabilities now, and this has led to an explosion of critical vulnerabilities as the attack surface grows. Most security teams I speak to are struggling to keep on top of even high-priority patches."
"The solution is a defence in depth approach, layering multiple cyber resilience tools and tactics to thwart potential attackers and protect critical business functions. With the looming threat of new regulation for non-compliant MSPs on the horizon, it will be interesting to see how far security teams can go in addressing these vulnerabilities over the next 12 months."
News URL
https://www.helpnetsecurity.com/2022/02/18/businesses-critical-vulnerabilities/