Security Intelligence -
High-Severity Vulnerabilities Now Take Nearly 250 Days to Remediate, Survey Finds
Businesses and agencies today are spending an average of about 250 days to remediate high-severity risks, NTT Application Security found.
This length of time gives attackers nearly a year in the target network. From there, they can misuse security weaknesses for gaining a foothold and/or moving within the network to other assets.
Read on to understand what factors make it take so long to remediate problems.
Nearly a Year at a Time to Remediate
Researchers found that the average time needed to fix vulnerabilities grew from 197 days to 202 days over the first half of 2021, said the report.
The window was even greater for high-severity vulnerabilities. It took 194 days at the beginning of the year to fix those types of flaws. By the end of June, it took 246 days.
These lengths of time could explain the decrease in remediation rates observed by the study. For critical vulnerabilities, the standard dropped from 54% in January 2021 to 48% six months later. The rate for high-severity vulnerabilities fell even more in H1 2021 from 50% to