Real Trends and Practical Solutions for More Effective Cyber Hygiene

As we can all attest to, navigating uncharted waters is the new normal. As we shift our work, school, and social lives completely online, we know first and foremost the goal is to protect our community and ourselves. We also realize, though, that many organizations may be struggling to conduct business as usual as they shift entire workforces to work remotely from home. Keeping corporate endpoints secure as they move outside the corporate perimeter may be proving to be a complicated task-at-hand.

As you shift, know you have our support. Automox is giving free, 90-day access to our endpoint hardening platform for companies needing a solution to secure their remote teams. We are here to help you be confident that everyone working from home is safe, connected, and protected as possible.

One thing that remains constant, and in many ways becomes more readily apparent during these transitional times, is the need for effective cyber hygiene. Now more than ever, we are seeing a need for organizations to be more aware, vigilant, and quick in how they respond to potential cyber threats. While we know that enterprises don’t deny the importance of endpoint patching and hardening to their overall cybersecurity initiatives, how capable are they in practicing effective cyber hygiene, and what are the main inhibitors to successfully do so – particularly during these times of uncertainty?

To help you navigate the answers to these questions, we’re happy to unveil the 2020 Cyber Hygiene Report: What You Need to Know Now. Our report provides a benchmark to industry’s ability to enforce basic cyber hygiene on endpoints and systems to prevent data breaches. Our goal with the first inaugural Cyber Hygiene Report is to give IT professionals the insight and data they need so they can benchmark the performance of their organizations against peers and develop insights into how to make improvements that will pay off.

We encourage you to download the report to benchmark how resilient your organization is compared to industry peers. Here’s a quick snapshot of the data.

The Patching Dilemma Continues

The inability to enforce basic cybersecurity hygiene across organizations is the worst-kept secret in the industry. Organizations know that slow endpoint patching, system misconfigurations and the inability to address known vulnerabilities is a leading cause of data breaches.

The WannaCry ransomware attack in 2017 was one of the clearest examples of what happens when patches aren’t applied in time. The ransomware spread rapidly by exploiting a known vulnerability that was unpatched in a large majority of organizations for months.

According to the survey, the patching problem persists.  When asked what the leading causes of any data breach and organization experience, missing patches and misconfigurations are three of the four leading root causes. In fact, they are the number one technical reason breaches occur from a technical attack surface perspective:

  • Phishing attack: 36%
  • Missing patch on OS: 30%
  • Missing patch on app: 28%
  • OS misconfiguration: 27%

While advanced attacks and nation-state campaigns dominate the headlines, the results show that faulty patching and hardening are the IT world’s most vulnerable technical attack surface.

Industry Failing to Move Fast Enough

According to leading industry data, adversaries are weaponizing new critical vulnerabilities within 7 days on average. And zero-day vulnerabilities are already weaponized at the moment of disclosure, yet companies can take up to 102 days to deploy patches.

This is why Automox is setting the 24 / 72 threshold for endpoint hardening.  By committing to eliminate zero-day exploits within 24 hours and critical vulnerabilities within 72 hours, organizations can prevent vulnerabilities being weaponized against them.

According to the report – the industry is still catching up to meet this standard.

Currently, less than 50 percent of organizations can patch critical vulnerabilities within 72 hours of disclosure, and only about 20 percent can patch within the 24-hour window available to stop zero-day attacks. Also, around 15 percent of systems remained unpatched after 30 days.

These numbers get worse when looking at remote desktops and laptops. As millions of workers have been unexpectedly forced into remote work situations this month, the data shows that it’s creating new vulnerabilities across organizations.

According to the report, only 42 percent of companies can patch remote endpoints within three days and 15 percent within one – highlighting the struggles companies face with patching and hardening remote endpoints.

Embracing Automation Can Shorten Cycles and Secure Your Organization

The good news from the report is that companies are increasingly embracing automation as a potential antidote for the security challenges outlined above.

According to the report, 96 percent of organizations have some automation for endpoint patching and hardening, but only 23 percent are fully automated.

While automation is no panacea, higher levels of automation are associated with better cyber hygiene.

This is why Automox developed an architectural approach to its platform that is based on the understanding that proactive cyber hygiene and the hardening of endpoint infrastructure is the key to a strong cyber defense. Our cyber hygiene closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

So how does your organization compare to the Cyber Hygiene index? Download the report today and let us know.

About Automox Automated Patch Management

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, macOS, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.

Dive deeper into this topic