Lack of time, low patching priority put firms at greater risk of cyberattacks

A resounding majority (71%) of IT and security professionals found patching to be overly complex, cumbersome and time consuming, a new survey from Ivanti says.

Ivanti surveyed over 500 enterprise IT and security professionals across North America and EMEA.

Results also showed that 57% of respondents stated that remote work has increased the complexity and scale of patch management.

Unpatched vulnerabilities remain one of the most common points of infiltration for ransomware attacks, which have increased in frequency and impact to businesses of all sizes. 

Patching to mitigate vulnerability exposure and ransomware susceptibility is contending with resource challenges and business reliability concerns. 

Among respondents, 62% said that patching often takes a back seat to their other tasks and 60% said that patching causes workflow disruption to users. 

In addition, 61% of said that line of business owners ask for exceptions or push back maintenance windows once a quarter because their systems cannot be brought down. At the same time, the speed of vulnerability weaponisation continues to increase.

IT and security teams simply cannot respond fast enough, as 53% said that organising and prioritising critical vulnerabilities takes up most of their time, followed by issuing resolutions for failed patches (19%), testing patches (15%) and coordinating with other departments (10%).

The myriad of challenges that IT and security teams face when it comes to patching may be why 49% of respondents believe their company’s current patch management protocols fail to effectively mitigate risk.

“The good news is that the combination of risk-based vulnerability prioritisation and automated patch intelligence can bring to light vulnerabilities that are being actively exploited and have ties to ransomware,” said Srinivas Mukkamala, SVP of Security Products at Ivanti. “With unique patch reliability, IT and security teams can seamlessly deploy patches and solve for common challenges that are putting organisations at risk.”

Top industry leaders, practitioners and analyst firms recommend a risk-based approach to identify and prioritise vulnerability weaknesses and then accelerate remediation.