The most recent Qualys report has unveiled concerning figures on the rise in critical vulnerabilities, which reached a peak in 2023. Darren Humphries, Chief Information Security Officer (CISO) at Acora, provides insights on this pressing issue.
Darren Humphries highlights an urgent aspect of the current cyber security landscape: "Addressing the challenge of patching speed is critical. With 74% of businesses struggling to patch quickly enough, there is a need for a fresh perspective on understanding the attack surface and prioritising vulnerabilities."
As Ponemon states, the struggle to patch quickly enough results in patches taking an average of 102 days to be implemented. Humphries suggests aligning with Gartner's stance on exposure management, where the focus shifts away from the sheer quantity of potential vulnerabilities and towards the ones that could severely affect essential systems such as payment systems or data servers.
Humphries asks, "Are brands and companies finding it challenging to patch quickly because they're attempting to tackle every potential vulnerability rather than prioritising their 'crown jewels'? I believe that this is the case. Recognising and prioritising what truly matters in terms of attack surface and vulnerability is crucial."
Humphries stresses the need for a comprehensive approach to safeguarding. This involves incorporating risk assessments, meticulous supply chain diligence, a robust patch management strategy, and innovative defence mechanisms to minimise the attack surface. The key focus should be on protecting critical business assets first and avoiding distractions from non-essential elements of the security framework.
Humphries says, "It is essential to embrace risk assessments, supply chain diligence, rigorous patch management strategy, and innovative defences to reduce the attack surface. The emphasis should be on protecting vital business assets first, steering clear of distractions in the non-essentials."
Given that 74% of brands face patching challenges according to the statistics above, Humphries proposes that a systematic approach to prioritising vulnerabilities, especially those considered high-risk, could significantly fortify the cyber security landscape.
Darren Humphries' credentials exemplify his knowledge in this domain, as he has had a distinguished career with Fortune 100 Cyber Security suppliers and played a pivotal role in the development of Gartner-evaluated services. As a CISO at Acora, Humphries' adaptability in leadership, coupled with a results-oriented approach, has been influential in the cybersecurity milieu.
As part of his contribution, Humphries engages in key cybersecurity dialogues and continues to offer valuable insights on topics such as AI and quantum threats. These contributions help shape the discourse around future cyber issues.
As a company, Acora is recognised for its experience-led approach. This progressive technology services provider strives to strike a balance between a frictionless user experience and top-level security, thereby enabling businesses to reach their full potential.