Security teams are stressed by the volume of vulnerabilities they must manage.
Security teams are stressed by the volume of vulnerabilities they must manage.

Companies, particularly very large enterprises (VLEs) are feeling the stress from the massive number of vulnerabilities they must manage – 74 percent of security teams felt overwhelmed by the vulnerability maintenance work and VLEs claimed to be managing more than one million vulnerabilities at any given time, according to a report from Bay Dynamics.

Some of the pressure came from having smaller budgets and teams, though the research, which came from a survey of more than 400 cybersecurity management personnel and individuals, found that “having a lot of money is not always a good thing,” as seen in the banking/finance/insurance industries where the budgets are more plentiful but the security staff is most overwhelmed.

Organizations in those sectors, like those in government, must maintain larger infrastructures, the “A Day in the Life of a Cybersecurity Pro” study, prepared by Enterprise Management Associates (EMA),  said.

“The report highlights how overwhelmed companies are in protecting themselves – very large enterprises by the sheer volume, medium sized companies by lack of resources,” said Steven Grossman, vice president of strategy at Bay Dynamics.

Grossman noted that many organizations are grappling with threat alerts and patch management. “79 percent of security teams stated they were overwhelmed by the volume of threat alerts…with 79 percent saying they had a significantly manual patching approval process,” he said.

“Despite these statistics, security organizations are giving it their best with what they have, but are still working in a hectic mode of operation,” Grossman said. “A high percentage of tickets are not even addressed or are categorized improperly by underlying tools that are only looking at their own technical dimension without the greater context of risk.”