By Maria Eriksen Jensen
Aberdeen Group has published a really interesting new report – ‘Is Your Vulnerability Management Program Leaving You at Risk? (Most Likely, Yes)'. It shows that companies may actually be ignoring 80-90% of their end-point security risk by not investing in the most efficient and effective risk management approach. The report's findings are described as “wake-up calls for the risk-aware enterprise executive.”
I'd therefore like to share some of these findings with you. Overall, the research shows that companies with top performance in Vulnerability Management adopt an optimised, comprehensive, and risk-based approach.
Additional findings include:
- "In many ways, managing enterprise risk is like managing cholesterol: It comes in two types, both ‘bad' and ‘good'; we need both types to be healthy; too much of one type, or not enough of the other, can lead to other problems."
- "Any organization whose business involves networks, computers and application software is at risk due to vulnerabilities in these assets that can potentially be exploited."
- "Although senior management already understands the importance of managing vulnerabilities as part of their overall risk management strategies, they should take a closer look to ensure that they are not inadvertently accepting risks by ignoring them (e.g. in the case of third-party vulnerabilities)." Source: Aberdeen Group 2011
Secunia works closely with Aberdeen Group and has exclusive access to this report, therefore you can download it for free here.
I hope you find this report a valuable tool, particularly its simple framework for evaluating the business value for investments in Vulnerability Management.
Maria Eriksen Jensen
VP Marketing & Business Development