Updates. Patches. Bug Fixes. Ignore them at your own peril. I am never surprised how many IT Teams do so.
A quarter of companies don't have time for "security".
Two thirds of companies say they would be able to hack their own company.
Penetration testing? Who needs it anyway?
I have learnt from experience that almost a quarter of companies ignore bug fixes, patch management and software updates. This then means that most companies are still behind with proper security practices. Some of these companies even intentionally ignore security flaws for various reasons ranging from "a lack of time" to a "lack of know-how".
What worries me, is that some companies wait a while before applying patches, exposing their IT infrastructure to cyber-attacks and vulnerabilities of an unacceptable nature.
Waiting one month is not unusual, whilst there are on occasions, companies that only apply updates once or twice a year.
These confessions from IT professionals offer insight to some pretty unacceptable failings when it comes to overall company "best practice" for infrastructure security.
When asked if companies undertook independent penetration testing from an accredited cyber security company, it is reported by the industry that only 17% said yes, while 35% said that even if they were to hire penetration testing services, they were sure the pen-testers wouldn't expose any new risks or flaws.
Even more worrying is the percentage of companies ignoring the results of penetration tests and the associated remedial recommendations.
These "failing" IT professionals must start accepting responsibility for infrastructure security. It could also mean "their job" if a serious breach is experienced because he or she ignored basic "best practices principles".
Just saying we "don't have the time" or the "know-how" is not an excuse.
Stay safe, run your updates, patches and bug fixes. Remember, your security is only as good as your policy towards security.
At Caretower, we provide dedicated and bespoke penetration testing at applicable levels depending upon the expectations your company seeks. We can also provide expert advice and security solutions to meet the needs of your business now and moving forward year by year.
MIET, MBCS, Security & GDPR Specialist