Patch Management a Key Area for Improvement at Most SMBs, Study Shows

Cybercriminals often exploit flaws in unpatched systems to breach an organization, as in the 2017 WannaCry contagion and the massive 2018 Equifax incident. Perhaps it’s no surprise, then, that businesses big and small list patch management as a key pain point. And, according to a recent survey, small and medium-sized businesses are particularly susceptible to data breaches that use this attack avenue.

Improving security is the top IT priority for 57 percent of small and medium-sized businesses (SMBs), up from 54 percent in 2018 and 40 percent in 2017, according to a survey by infrastructure management firm Kaseya.

Survey results showed that 32 percent of respondent companies suffered a security breach in the last five years, with 10 percent affected by a breach in the last year alone. And almost 61 percent of respondents that had experienced a security breach in the last year had also suffered business-disrupting outages.

Many of those surveyed agreed that patch management was the primary area for improvement, as attackers often exploit poor patching practices to gain a foothold in an IT infrastructure.

Only 42 percent of respondents automate or plan to automate patch management, leaving 58 percent vulnerable to attacks exploiting unpatched systems. Similarly, just 42 percent monitor third-party software and apply critical patches within 30 days, again leaving a big window open to cybercriminals.

“Given that big security breaches are frequently a result of failure to patch in a timely manner, automated patching stands as a significant area for improvement for more than half of respondents,” researchers said.

Bitdefender’s business offerings, including those tailored for SMBs, protect against both unpatched and zero-day vulnerabilities by looking at the exploit techniques employed by attackers. Bitdefender GravityZone offers automated patch management, giving IT administrators peace of mind that no endpoint remains vulnerable to malware attacks or advanced persistent threats (APTs).