In today’s digital landscape, cybersecurity remains top of mind for all organisations, whatever their size and wherever they are on their digital transformation journey. Naturally, this means that cyber insurance has become an important consideration. However, with policies that exclude specific security issues, businesses face the challenge of knowing how to protect critical data while meeting insurers’ requirements.
Steve Flynn, Sales and Marketing Director at ESET Southern Africa, notes that IBM Security’s Cost of a Data Breach Report 2022 indicates that 13% of security breaches are traceable to vulnerabilities in third-party software. More crucially, the time needed to identify and contain a breach averages 284 days, which demonstrates that insurers have some valid prejudices. Most notably, coverage is likely to be stopped by the provider if a company fails to act on a known software vulnerability, despite having access to industry-supported updates – particularly if this failure leads to a security breach.
“While cyber insurance stands as a rearguard precaution against acute risks, the best way to ensure these insurance providers will offer your business the protection you need is to implement a high-quality vulnerability and patch management solution. This is the solution that is ultimately your eyes and ears in respect of identifying vulnerabilities,” he says.
With this in mind, says Flynn, ESET has introduced its own Vulnerability Assessment (VA) and Patch Management (PM) capability. This falls under the company’s diverse ESET PROTECT platform.
“This product suite is aimed at helping businesses of all sizes to proactively detect and remediate security threats, in a timely and efficient manner. By lowering the risk of data breaches and other cyberattacks, while also focusing on other key areas of liability, the solution meets the prerequisites demanded for cyber insurance.”
“In a digital world, the security landscape requires rapid and effective action, the moment a threat arises. Managing vulnerabilities should therefore be a core aspect of your IT security. Implementing vulnerability and patch management means your business is less likely to experience an interruption of business continuity or a breach resulting from an unpatched known vulnerability,” he continues.
On the mitigation frontline
Flynn is quick to note that the average cost of a data breach in 2022 was calculated to be nearly $4.35 million. This shows why cyber insurance firms are reluctant to offer policies to companies without proper vulnerability protection.
“Considering that a 2022 ServiceNow study conducted by the Ponemon Institute found that 57% of victims claimed a breach was due to unpatched vulnerabilities, and even worse, the same study indicated that 34% of these players were already aware of the vulnerability.”
“This is why an automated vulnerability and patch management solution is necessary – not only do you not have to wait for a human to implement the patch, but it can also be difficult and time-consuming to identify and prioritise vulnerabilities based on severity. This could easily lead to inefficient allocation of resources, which in turn creates increased risk.”
Such tools are vital for businesses of all sizes, he adds. However, for SMEs that might otherwise not be inclined, or may fail to stay in the know about cyber liabilities and vulnerabilities that could devastate their business, a Managed Service Provider (MSP) offers the answer. This not only benefits them from a cost perspective, but also leaves this crucial aspect of the business in the hands of experts.
It may be considered one of the basics of security, but vulnerability assessment and patch management – when implemented and maintained alongside endpoint security – sit on the frontline when it comes to mitigating cyberattacks.
“Although security today often tends to focus on threat detection and response, it remains vital that they do not neglect the prevention phase that includes vulnerability assessment and patch management. Moreover, as cyberattacks keep evolving and security demands become increasingly complex, ESET has worked to ensure that its enterprise-grade offerings now clearly reflect the changing needs of businesses of all sizes as they navigate the threat landscape,” continues Flynn.
For enterprises, managing patches and executing updates across entire networks is a foundation of good security practice. SMBs, on the other hand, want an easy-to-use solution that will keep them safe from disruption, while also keeping their costs down.
“Ultimately, the customisable patching policies in ESET Vulnerability and Patch Management give businesses flexibility and control so that their endpoints can be optimally patched promptly, thus minimising the risk of attack. Adopting this capability also ensures they can adhere to increasingly stringent cybersecurity insurance demands, not to mention regulatory requirements. In this way, you can always ensure you remain ahead of the bad actors out there,” he concludes.