Dive Brief:
- Poor management of software vulnerabilities at a company can be an indicator of overall poor cybersecurity governance practices, S&P Global Ratings said in a report released Monday.
- Companies that fail to identify and remediate vulnerabilities could be held accountable when they are assessed for their overall level of risk management and internal controls, according to S&P.
- The report cited data in the 2024 Verizon Data Breach Investigations Report, which noted that exploitation of vulnerabilities almost tripled in 2023. S&P analyzes thousands of companies, and poor cyber hygiene could place a company at risk of operational disruption, reputational loss and financial impacts.
Dive Insight:
The recognition and remediation of software vulnerabilities has become an increasingly urgent issue in the cybersecurity community in recent years.
These vulnerabilities are flaws left behind in the code base of applications, which can allow malicious attackers to gain unauthorized access to computer systems.
Vulnerability management has become a key concern for preventing ransomware and other malicious activity.
The number of CVEs continues to rise and is expected to reach nearly 35,000 in 2024, according to data from Coalition.
S&P analysts said the failure to manage these vulnerabilities could be a sign of larger security management problems at the companies it monitors.
Companies are attempting to prioritize the most serious vulnerabilities and are also being pushed to make sure their software is up to date, as threat groups are increasingly targeting older vulnerabilities in unpatched or older software.
“Having a vulnerability management process in place can help reduce cyber risk,” Paul Alvarez, lead cyber expert at S&P Global Ratings, said via email. “In fact, the NIST Cybersecurity Framework outlines the need to understand what vulnerabilities may be present as part of its risk assessment process.”
Federal agencies have made a major push to remediate critical vulnerabilities in the tools they use. In 2023, federal agencies remediated 872 vulnerabilities, a 78% increase from the year before.