Each data breach in the United States now costs $8.64 million, a 5% increase from 2019 to 2020. New vulnerabilities are disclosed on a daily basis, and old vulnerabilities are still being exploited months and years later. Regulators have been applying stiffer fines whenever personal data security is involved, making risk management process mistakes more costly than ever.
CISOs and security leaders are taking steps to strengthen their risk management process and vulnerability management programs as the stakes continue to rise. However, these five common mistakes are making vulnerability management, and ultimately vulnerability remediation, less effective, increasing risk to the business:
- Risk management process in silos
- Chasing the headliner vulnerabilities
- Remediating without context
- Disassociating security from business
- Remediating vulnerabilities manually
This blog post summarizes a Vulcan Cyber webinar on the topic of the top mistakes everybody makes in vulnerability management. Watch it here.
Risk management process in silos doesn’t work
This is probably the most-common mistake. Vulnerability remediation at enterprise scale often means processes are competing for the same company resources; the same attention from management, the same people, the same downtime maintenance windows, etc. Different teams using their own best-of-breed tools is just too much to handle. In order to effectively implement risk management process we must come up with a consolidated framework to execute remediation outcomes and address the right risks first.
Chasing the headliner vulnerabilities
Often, the dramatic headlines and international cyber attacks take all of the oxygen out of the room. But if your efforts simply track what’s in the media, you might be missing the less-publicized threats that have the most potential to hurt your company.
This is exactly what happened to Equifax, which was breached through an exploit with a known solution. According to 42% of respondents to the latest Ponemon and IBM report on vulnerability management, data breaches occurred because a patch hadn’t been applied to an existing vulnerability.
For the most-effective vulnerability remediation strategy, stay focused on the most-immediate threats that are relevant to your specific network. And do the work to identify what is relevant, which leads to the next mistake.
Remediating without context
For some companies, the vulnerability triage process starts and ends with “how critical is the CVSS mark?” Everything else is dealt with later.
This is an ineffective approach. While teams focus on the blaring alarms and flashing lights, cybercriminals often look for lower-ranked vulnerabilities, precisely because they are looked at last.
Given the sheer volume of vulnerabilities introduced every day, your risk-based prioritization efforts should keep you focused on what really matters most to your business. We must operate to achieve context. Adopt a risk-based approach instead, and evaluate which risks are the greatest and most imminent threats to your digital infrastructure.
Disassociating security from business
Security, IT operations, and engineering teams each have different objectives and priorities. Misalignment can cause tension. Dev teams value moving fast and delivering new value.IT operations teams want to keep systems available and stable. Security teams want to minimize risk to the business, often at the cost of dev speed or IT stability. But when it comes to contributing to bottom-line business goals, security is often not in the mix.
Vulnerability remediation requires buy in from all three teams with processes spanning team silos and aligning to the business. Management and communication are key. Here are some tips to get security to be a more visible business objective:
- Highlight vulnerability remediation as a high-level business strategy that everyone shares.
- Try to ensure all groups are speaking the same language.
- Expect individual teams to continue to use the tools they always use.
- Look for ways to offer solutions, rather than just indicating problems.
- Use quantitative benchmarks that align with your company’s specific needs and processes.
- Measure and demonstrate the progress that’s been made in vulnerability remediation.
Fear of automation
In the past two years, more than 30,000 vulnerabilities have been discovered—far too many for any team to handle manually.
There are faster software development cycles now than ever before. The modern enterprise environment has changed and introduced a wider range of tools and software within networks. With these changes, vulnerability remediation strategies have shifted radically.
Automation is key to remediating vulnerabilities at scale, as quickly, consistently, and accurately as possible.
Vulcan Cyber orchestrates risk management process
These five common mistakes in the implementation of an effective risk management process can have dire consequences. With the Vulcan Cyber® remediation orchestration platform, you can avoid them by focusing on:
- Prioritization: Our platform prioritizes vulnerabilities in relation to how they impact your specific network environment.
- Visibility: Gain complete visibility into your network by using the Vulcan Cyber platform, which flags misconfigurations and blind spots that other tools miss. The platform integrates with deployment tools, configuration management tools, asset inventories, and vulnerability assessment tools to orchestrate your strategy.
- Collaboration: Each team can continue to use its own tools, while collaborating through the centralized Vulcan Cyber platform. This enables a comprehensive, seamless approach to vulnerability remediation.
- Remediation: With Vulcan Cyber remediation orchestration, Remedy Cloud remediation intelligence, you’ll see each vulnerability detected in your environment, how many vulnerability instances there are, a risk score in the context of your specific environment, and the most relevant options for remediation through Remedy Cloud. At the click of a button, you can generate scripts for any of the leading deployment tools.
- Automation: Deal with any threats effectively, consistently, and promptly. Vulcan Cyber provides customized playbooks for your environment, helping you automate threat remediation with intuitive, clear, and customized playbooks for your unique environment.
Register to watch the Vulcan Cyber webinar titled, “The Top Five Mistakes Everybody Makes in Vulnerability Management.”