Organizations' patching cadence correlates to likelihood of breach: MMC, BitSight
By Erin Ayers, Advisen
How quickly organizations patch software vulnerabilities shows a clear correlation to their likelihood of experiencing a cyber event, according to new research from BitSight and Marsh McLennan’s Cyber Risk Analytics Center (MMC).
“Rapid changes in the cybersecurity landscape have created a renewed sense among stakeholders of how to reduce the likelihood of business-impacting cybersecurity incidents and strengthen cyber resilience,” said the two firms in their report. “With the stakes higher than ever, market participants can benefit from analytics that demonstrate which cybersecurity improvements are likely to yield the highest impact.”
Patching cadence led a list of 14 risk vectors, followed by whether desktop and mobile software is updated regularly and whether devices are monitored for unwanted or malicious programs.
Lower on the list were open ports, TLS/SSL configuration and certificates, and “spam propagation,” which measures whether an organization is infected with malware and sending unsolicited commercial or bulk email.
According to BitSight and MMC, understanding which risk factors have a higher correlation with risk can help organizations reduce their likelihood of a cyber event. It can also help them prioritize their resources and inform security investments. The firms also say it can assist cyber insurers in underwriting accounts.
Managing Editor Erin Ayers can be reached at erin.ayers@zywave.com