Organizations hold a wealth of sensitive data. It doesn’t matter if the organization is a massive financial institution or a mom-and-pop shop. They are all targets for malicious actors. And unfortunately, as technology continues to evolve, so does the sophistication of these malicious actors.
Organizations can’t stop bad actors from attempting their crimes, but they can do well to prepare for any possible attack. The question, though:
Are they ready?
Absolute Security, a provider of enterprise cyber resilience solutions formerly known as Absolute Software, released its 2024 Cyber Resilience Risk Index to look at some concerning trends in corporate preparedness for cyber threats. The report found that many organizations struggle to keep pace with evolving security landscapes, particularly in the face of advancements in AI and the threat of software vulnerabilities.
One of the most concerning findings is the persistent delay in patching software vulnerabilities. The report indicates that a decent portion of organizations across various industries lag in implementing critical security updates, often taking “weeks or even months” to address known security holes. The education and government sectors were marked as the worst offenders, averaging 119 and 82 days, respectively, to patch vulnerabilities.
This delay creates a window of vulnerability for attackers to exploit. During this period, attackers can weaponize known exploits before they are addressed, which has a good chance to lead to significant breaches.
Moving on from patching software vulnerabilities, the report also found that 92% of enterprise PCs currently lack the necessary processing power, specifically RAM capacity, to effectively run AI applications. This finding throws a wrench into the plans of organizations rushing to adopt AI technologies.
Absolute Security stresses the importance of substantial hardware upgrades for successful AI implementation. However, replacing all devices can lead to complications. To ensure a secure large-scale rollout that complies with internal and external security policies, meticulous planning and flawless execution are crucial. Organizations must actively prioritize well-designed deployment strategies that minimize the risk of introducing new vulnerabilities during the upgrade process.
Another key point that the report revealed is that endpoint protection platforms, or EPPs, and network access security applications, when not paired with proper remediation capabilities, fail to function effectively 24% of the time. Additionally, the report highlights the presence of unsupported EPPs on nearly 14% of managed PCs. These unsupported applications create gaping security holes. Why is this important? Well, these security holes leave devices vulnerable to a wide range of attacks.
The Absolute Security report serves as a wake-up call for enterprises, urging them to reassess their current cybersecurity posture. By addressing these critical gaps in patching, AI readiness, and security tool effectiveness, organizations can significantly bolster their cyber resilience and mitigate the risk of a debilitating cyberattack.
“As an industry we are intently focused on the inevitable attack coming, breach waiting to happen and disruption around the next corner. Not enough attention is paid to the simple strategies that can dramatically increase your resilience to ensure you remain resistant to vulnerabilities and can recover quickly,” said Christy Wyatt, Absolute Security CEO. “The stakes continue to get higher as we face the urgent need to adopt AI and other innovations to remain competitive.”
In addition, the report provided CISOs and other security and risk professionals with a deeper understanding of what Cyber Resilience is and the practical information they need to identify and mitigate top security risk factors to improve their cyber resilience posture.
“Cyber Resilience is a paradigm that extends beyond traditional cybersecurity. It's about ensuring that your digital operations, which are the heart of your organization, can withstand and quickly recover from cyberattacks, technical malfunctions, deliberate tampering and new deployments,” said Wyatt.
Boosting cyber resilience is a key step in mitigating the risk of a debilitating cyberattack.
Edited by
Alex Passett
