
Unpatched Vulnerabilities Are One of the Most Significant Threats


(May 2, 2022) The Ransomware Spotlight Year-End Report from CSW, Cyware, and Ivanti found 65 new ransomware-related vulnerabilities in 2021. More telling, 56 percent of the 223 ransomware-related vulnerabilities identified before 2021 were still being actively exploited in attacks. In other words, by count, an organization is almost twice as likely to fall victim to ransomware through an old, unpatched vulnerability as through a newly disclosed one.

It’s not just ransomware. According to the 2021 X-Force Threat Intelligence Index from IBM, one-third of all data breaches stemmed from unpatched vulnerabilities — and this estimate is likely low. The Department of Homeland Security has estimated that approximately 85 percent of all security breaches involve unpatched software.

The fact is, unpatched vulnerabilities are one of the most significant threats organizations face. Attackers actively scan for and exploit known vulnerabilities because doing so is far cheaper and more reliable than developing zero-day exploits. Organizations need an effective strategy for ensuring that patches and updates are applied promptly.

For many organizations, a better approach than relying on stretched in-house staff is to outsource patch management to a managed services provider (MSP). A qualified MSP will ensure that the IT environment is kept patched and up to date, bolstering security and relieving the burden on in-house teams.

The Patch Management Problem

Many IT teams are overwhelmed by security events and alerts, and a significant portion of them are false positives. In a recent study conducted by the Ponemon Institute, IT security professionals reported that false positives comprised 27 percent of the threats identified through scanning on-premises systems; for cloud environments the figure was 31 percent. Sixty percent of respondents said their teams waste time chasing down false positives and vulnerabilities that pose minimal risk while more dangerous threats go unaddressed.

At the same time, vendors are constantly issuing patches and updates. It’s not uncommon for an enterprise organization to receive dozens of critical patches each day, and applying them throughout today’s complex IT environment takes time. IT teams are spread thin and simply cannot keep up with the onslaught. That’s why it takes an average of 12 days to apply one patch across the entire IT environment, according to the Ponemon Institute.

It’s not simply a matter of installation. Patches can sometimes have bugs or installation problems or create configuration conflicts with other hardware and software. These issues can have a cascading effect that causes downtime or poor performance.

Why Managed Services Make Sense

Effective patch management starts with prioritizing the most critical unpatched vulnerabilities. IT teams should focus their efforts on tracking, testing, and implementing those patches as quickly as possible. This requires staying abreast of emerging threats and vendor bug fixes and updates that apply to the organization’s IT environment.

However, many IT teams have difficulty allocating resources to perform these tasks. The Ponemon study found that 73 percent of respondents lacked adequate visibility to prioritize patches and remediate vulnerabilities. When it came to remediation, 51 percent of organizations lacked sufficient IT staff to apply patches in a timely manner.

That’s why it often makes good business sense to outsource to an MSP. The MSP will have a team of experienced and certified personnel who understand the threat environment and the idiosyncrasies of the various patches. The MSP will also have an advanced toolset for identifying and prioritizing vulnerabilities and automating many processes, along with well-tested methodologies for applying patches.

Unpatched vulnerabilities are putting organizations at risk of ransomware and other security breaches. It is critically important to develop an effective strategy for the prompt application of patches and updates or outsource the process to a qualified MSP.


Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region, including managed technology services and consulting, custom software development, and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.

Jeff Pracht
IT Business Development Manager
(479) 715-8629 Office
(501) 529-0008 Mobile
