Flavijus Piliponis â stock.ado
Risk & Repeat: Vulnerability patching still falling short
Many organizations still fail to patch critical vulnerabilities, even when they're under exploitation in the wild. What are the best ways to improve patching rates?
This week's Risk & Repeat podcast discusses the current state of vulnerability patching and why many organizations still don't apply security updates in a timely manner.
Despite the number of attacks on both older, known vulnerabilities and critical zero-day flaws recently, research shows that many organizations fail to patch their systems. For example, more than a week after Microsoft revealed exploitation of four zero days in Microsoft Exchange Server, RiskIQ found more than 82,000 vulnerable servers that were still exposed to attacks. Meanwhile, the U.S. government recently warned nation-state attackers are exploiting unpatched vulnerabilities in VPNs, some of which were first disclosed and patched in 2018.
Why are some organizations slow to address critical bugs? Should vendors be doing more to help customers with vulnerability patching? And what are the best ways to reverse the trend? SearchSecurity editors Rob Wright and Alex Culafi discuss those questions and more in this episode.