Is Your Vulnerability Management Program Leaving You at Risk?
In Aberdeen's research, "Managing Vulnerabilities and Threats: No, Anti-Virus is Not Enough" (December 2010), we saw that companies perceive malware as both high-incidence and high-risk, and that they are spending a material amount of money on their vulnerability management initiatives. But further analysis shows that in spite of these expenditures they may actually be ignoring as much as 80-90% of their endpoint security-related risk.
This white paper touches on the following:
- In many ways, managing enterprise risk is like managing cholesterol: It comes in two types, both 'bad' and 'good';
- Any organization whose business involves networks, computers and application software is at risk due to vulnerabilities in these assets that can potentially be exploited;
- Senior management should take a closer look to ensure that they are not inadvertently accepting risks by ignoring them (e.g. in the case of third-party vulnerabilities).