Companies in S'pore lack proper security management

SINGAPORE--Companies here are vulnerable to network security threats due to a lack of proper vulnerability assessment and patch management, according to a new survey.

Conducted by asset and security management vendor Altiris, the study surveyed 140 IT managers and C-level executives and found that 46 percent do not conduct vulnerability audits.

Of the 54 percent who said their companies perform vulnerability audits, only 24 percent conduct them on a monthly or weekly basis, the study revealed.

System vulnerability audits, which include checks on factors such as antivirus and patch status, unauthorized and required software and hardware, and vulnerability signatures, give "a complete a view into each of the system's endpoints on the network," said Tom Galantomos, Altiris' Asia-Pacific director of strategic alliances.

"(Such audits) address issues exploited by virus attacks, e-mail trojans, or even simple local exploits such as weak passwords, storage devices and improper configurations," Galantomos said, in a media release.

The survey also found that 55 percent of companies surveyed do not have in place automated vulnerability audit, and patch management. This could lengthen the time companies take to protect themselves against vulnerabilities, Galantomos noted. Automation "significantly reduces the window in which networks are exposed to security threats," he added.

Respondents in the survey indicated that the top IT challenge for their companies was security management. Patch management, and backup and recovery, were ranked second and third respectively.