Most risk-based vulnerability management programs ineffective
Vulcan Cyber announced the latest results of its ongoing research into vulnerability risk prioritization and mitigation programs. Its findings highlight the struggle of IT security teams to transition from simple vulnerability identification to meaningful response and mitigation, limiting the risk insights business leaders and IT management professionals need to effectively protect valuable business assets.
According to a Vulcan Cyber survey of more than 200 enterprise IT and security executives conducted by Pulse, 86% of respondents rely on third-party vulnerability severity data to prioritize vulnerabilities with an additional 70% relying on third-party threat intelligence. This trend underscores the status quo in many cyber security organizations today in which many teams over-rely on metrics from third-party sources that lack the necessary context to understand and actually reduce risk specific to the enterprise.