Singapore firms struggling to keep up with security patches

Some 78 percent don't have adequate resources to cope with the volume of patches, and 58 percent say their data breaches are due to human error, reveals global survey.
Written by Eileen Yu, Senior Contributing Editor

Singapore organisations are struggling to cope with the volume of security patches, with 78 percent saying they lack adequate resources to keep pace and 74 percent citing the inability to take critical systems offline so these can be patched quickly.

As it was, these companies spent an average of 154 hours a week rolling out patches for their applications and systems, according to a survey conducted by Ponemon Institute and commissioned by ServiceNow. The online study polled just under 3,000 respondents worldwide, including 165 respondents from Singapore, who were from organisations with at least 1,000 employees.

Some 79 percent revealed that their company did not have sufficient personnel to deploy patches in a timely fashion to prevent a breach.

The study further revealed that 68 percent of Singapore companies planned to hire more resources, an average of three additional staff members, dedicated to patching over the next 12 months.

This might be especially critical considering that 58 percent said human error was the root cause of data breaches in their organisation, compared to the global average of 53 percent. Another 57 percent in Singapore pointed to external cybercriminal attacks as the cause.

In addition, IT security personnel in the city-state spent an average of 10 days manually coordinating patching activities across teams, though 60 percent said manual processes placed them at a disadvantage with regard to patching vulnerabilities.

"Adding more talent alone won't address the core issue plaguing today's security teams," said Mitch Young, vice president and Asia-Pacific general manager for ServiceNow, which provides cloud automation platforms. "Automating routine processes and prioritising vulnerabilities helps organisations avoid the 'patching paradox', instead focusing their people on critical work to dramatically reduce the likelihood of a breach."

Explaining the patching paradox, the software vendor noted that hiring more people did not necessarily mean better security, adding that companies struggled because they used manual processes and were unable to prioritise what needed to be patched first.

"Most data breaches occur because of a failure to patch, yet many organisations struggle with the basic hygiene of patching," Young said. "Attackers are armed with the most innovative technologies and security teams will remain at a disadvantage if they don't change their approach."

According to the survey, 45 percent of Singapore respondents experienced a data breach in the last couple of years, of whom 57 percent confessed they were compromised due to a known vulnerability where a patch was available but not applied.

In fact, 32 percent knew they were vulnerable before they were breached.

In total, these organisations spent 315 hours a week trying to prevent, detect, and rectify vulnerabilities. Patching activities alone, on average, cost them US$1.02 million a year.
