- Asset Identification & Management
39% of respondents say they lack visibility into applications, underlying systems and vulnerabilities.
2. Vulnerability Identification
Of the 15,435 vulnerabilities discovered in 2014, 11% were rated “Highly Critical”, and just 0.3% as “Extremely Critical”.
3. Consistent Vulnerability Management
Less than 40% of organisations scan their entire network with active vulnerability scans more than once per quarter.
4. Risk Assessment
Risk assessments are used to identify, estimate and prioritise risk to organisations.
5. Change Management
60% of incidents can be attributed to errors by system administrators and other internal staff.
6. Patch Management
99.9% of the exploited vulnerabilities had been compromised more than a year after the associated CVE (Common Vulnerabilities and Exposure) was published.
7. Mobile Device Management
75% of respondents believe their mobile endpoints have been the target of malware over the past 12 months.
8. Mitigation Management
Secunia recorded 15,435 software vulnerabilities in 3,870 applications during 2014, a 55% increase in the five year trend and an 18% increase from 2013.
9. Incident Response
1 out of 5 security operations centres are not minimally prepared to respond to, much less detect, cyber threats affecting their organisation.
10. Automation
33% of respondent organisations manually remediate infected hosts. An approach which carries with it an increased “time of exposure” and therefore, increased potential for data theft and other forms of damage.