Poor patching regime is opening businesses to serious problems | CSO Online

A recent S&P Global Ratings report reveals that 70% of organizations are not regularly patching flaws in their internet-facing systems, leaving them vulnerable to cyberattacks. The report attributes this to security team fatigue from a growing number of publicly disclosed vulnerabilities and suggests the Exploit Prediction Security Score (EPSS) system as a more effective prioritization method. The report also highlights the persistent exploitation of older vulnerabilities, emphasizing the need for improved vulnerability management practices.