A recent study by ServiceNow and the Ponemon Institute provides important information about the state of many organizations’ security and the lack of patches being installed for discovered vulnerabilities.

For the study, the Ponemon Institute surveyed 3,000 cybersecurity professionals. Fifty percent of US respondents had reported they experienced a data breach within the last two years.  Additionally, in the last 12 months there was a 15 percent increase in the number of cyberattacks and a 23 percent increase in severity of those cyberattacks.

The threat to all organizations is steadily increasing.  Fifty-four percent of respondents said attackers are outpacing organizations with technology such as machine learning and artificial intelligence. This means that security experts have to work harder to make networks more secure.

Sadly, 34 percent of breach victims knew they were vulnerable before a cyberattack occurred and 57 percent of breach victims said the breach occurred because of unpatched systems. Companies are not taking these cyberthreats seriously, and then suffer for it when a breach occurs. The Office for Civil Rights (OCR) and other government agencies continue to hand out lofty fines for data breaches.

Thirty-seven percent of respondents who were breached said they don’t scan for vulnerabilities.

“This scanning gap has a direct impact on breach rates. Among respondents that didn’t scan, 56% said they had experienced a data breach—as opposed to 45% of those that did scan.”

Additionally, of those that didn’t scan 32 percent stated that the breach was a result of an external attack.  Those that do scan said 65 percent of their breaches were from an external attacker.  This means that scanning significantly reduces the likelihood of internal breaches.

What does this mean?

Since 20 percent more of respondents didn’t conduct vulnerability scans experienced a breach, the best thing any organization can do is conduct regular vulnerability scans.  It doesn’t matter what size your organization is, it’s still important.

The cost of a vulnerability scan is much less expensive than a penetration test. Plus, it’s way cheaper than the cost of a breach.  Our partner, MainNerve, can help you with a quote on those services if you don’t feel like you are capable of running a vulnerability scan yourself.

To learn what else you can do to help reduce the risk of a data breach, join HIPAAgps today.