The UK is Falling Behind Europe in Addressing Vulnerabilities for Exploitation

UK organizations are behind their European counterparts when it comes to remedying software vulnerabilities listed in the US Known Exploited Vulnerabilities (KEV) catalog, a recent report from Bitsight has found.

In the report titled “A Global View of the CISA KEV Catalog: Prevalence and Remediation,” Bitsight analyzed the security posture of 1.4 million entities, excluding cloud and other service providers. The KEV catalog is an initiative by the US Cybersecurity and Infrastructure Security Agency (CISA) that documents security vulnerabilities that have been successfully exploited, including those associated with ransomware campaigns.

While federal agencies are given mandatory deadlines to patch the bugs listed in the KEV catalog, all organizations are encouraged to do the same as a best practice. However, the report revealed that UK organizations take an average of 225.4 days to remediate KEVs, which is longer than the 220.6 days it takes European entities.

In comparison, organizations in Germany take only 21.7 days to address KEV CVEs, making them the fastest in Europe and among the best performers globally. The report also highlighted that for non-KEV vulnerabilities, the figures are even worse for UK and European organizations. UK organizations take over two years (736.6 days) on average to patch vulnerabilities, while the average across the continent is 573.9 days.

Globally, organizations are performing better than their UK and European counterparts, with the average KEV being resolved within six months (around 180 days). Although fewer KEVs are found in UK environments than in the rest of Europe, the figures should still raise concerns for UK Chief Information Security Officers (CISOs). On average, 30% of UK organizations had detectable KEVs in 2023, compared to an average of 43% in the rest of Europe.

Derek Vadala, the Chief Risk Officer at Bitsight, emphasized the importance of organizations being swift in mitigating vulnerabilities. He stated, “Most organizations are still too slow to mitigate. The situation creates significant risk. It speaks to the need for business leaders on the board and in the C-suite to recognize these vulnerabilities as the serious threats they are, and demand a security posture that prioritizes deep insight and swift action. From there, organizations have an opportunity to grow.”

In conclusion, the report sheds light on the remediation challenges faced by UK organizations compared to their European counterparts regarding software vulnerabilities from the KEV catalog. With the growing sophistication of cyber threats, it is essential for organizations to prioritize swift action in addressing these vulnerabilities to enhance their overall security posture.
