Why Companies Still Face Cybersecurity Breaches from Known Vulnerabilities

www.news4hackers.com-why-companies-still-face-cybersecurity-breaches-from-known-vulnerabilities-why-companies-still-face-cybersecurity-breaches-from-known-vulnerabilities

Companies keep getting breached by vulnerabilities they already knew about

Key Findings from the Vicarius Study

Scanning tools have advanced significantly, enabling organizations to identify more system weaknesses than ever before. A study by the security firm Vicarius highlights a critical gap between vulnerability detection and resolution. The research, based on responses from 300 IT and cybersecurity leaders in the U.S. and U.K. at companies with 500 to 2,000 employees, reveals that 58% of remediation efforts require manual intervention.

The Gap Between Detection and Resolution

While automated discovery, scanning, and reporting are widespread, the process of decision-making, approval, and implementation remains heavily reliant on human involvement. Only 7% of organizations have fully eliminated human oversight in remediation, a trend consistent across industries and company sizes.

Fragmented Workflows and Delays

The teams responsible for identifying vulnerabilities often lack the authority to resolve them. In 82% of cases, remediation occurs outside the group that discovered the issue. This creates a dependency on handoffs, shared ownership, and fragmented workflows, which introduce delays. Over a third of respondents reported that remediation responsibilities are unclear or situational, leading to prolonged inaction as teams determine who should act.

Automated Fixes vs. Manual Intervention

The initial response to critical vulnerabilities frequently involves creating a ticket in systems like Jira or ServiceNow, a step taken by 42% of participants. However, this marks the beginning of a multi-step process that includes prioritization, assignment, approval, and verification. While 25% of organizations deploy automated fixes directly through their platforms, the majority rely on manual intervention, often by individuals without full context or authority.

The Role of Automation and Human Oversight

Many organizations have robust systems for identifying flaws but lack equivalent structures for addressing them. A small subset of organizations has eliminated human involvement in remediation entirely, and their approach is remarkably uniform. According to Roi Cohen, CEO of Vicarius, the 20 organizations in this group followed a single path. All used a centralized platform for end-to-end remediation, integrating an average of three tools. Frontline teams in these organizations had direct authority to implement fixes without requiring approvals, a practice adopted by fewer than 20% of respondents.

Additionally, these groups enforced strict definitions of “done,” requiring verified rescan results before marking a vulnerability as resolved. Cohen emphasized that automation in these cases emerged as a result of streamlined processes, not the cause.

Known Vulnerabilities and Breach Risks

Known vulnerabilities continue to lead to breaches, with over half of organizations experiencing incidents linked to pre-existing weaknesses in their inventory. Nearly half of these incidents involved vulnerabilities that had been identified 30 to 90 days prior. Attackers leveraging automation and AI to exploit weaknesses faster capitalize on this delay.

Defining “Fixed”: A Critical Discrepancy

The definition of “fixed” varies widely between organizations. Half of respondents considered a vulnerability resolved only after a verified rescan, while the other half relied on less rigorous criteria, such as patch deployment without confirmation or formal risk acceptance by leadership. This discrepancy correlates with breach rates. Organizations requiring verified rescan results reported a 65.8% incident rate, compared to 89% to 93% for those using looser definitions.

Organizational Friction and Barriers

Cohen noted that teams using the least stringent criteria were nearly 40% more likely to face breaches from known vulnerabilities. The root cause of these challenges lies in organizational friction. Competing priorities, lack of dedicated remediation time, and bureaucratic approval processes hinder progress. Overwhelmingly, respondents cited these obstacles as the primary barriers to effective remediation.

Conclusion

The study underscores that the distinction between organizations successfully preventing breaches and those failing to do so is not about detection capabilities. It hinges on whether “done” means the exposure is fully eliminated or merely documented.


Blog Image

About Author

en_USEnglish