Meltdown and Spectre will delay patching for most organizations
Complexity and challenges associated with the Spectre and Meltdown patches will result in companies delaying future patch rollouts, according to Barkly.
72% of organizations planned to slow future rollouts and yet 50% of organizations lack a strategy for securing endpoints that are waiting to be patched, leaving companies exposed.
Applying the Meltdown and Spectre patches has been a long, frustrating process for many organizations and the survey findings show it is far from over. One month after the January Windows security update was released, one third of organizations reported that 25% or less of their machines had received the update and implemented it.
Poor communication, incompatibility issues, and roll backs due to faulty firmware updates have left many frustrated. 80% of respondents said they found the Meltdown and Spectre patching process to be unclear. A staggering 88% expressed frustration with the process, overall.
While experts have been warning the industry that the only long-term, fool-proof fix for Spectre variant 2 is replacing CPU hardware, this survey revealed another equally damaging part of the vulnerability’s legacy may be a lingering hesitancy to deploy patches in a timely manner.
The majority of respondents said they have purposefully held off on applying Meltdown and Spectre-related updates, and plan to do so only after testing for compatibility and performance issues. 22% say they may not apply patches at all in cases where they anticipate a significant hit to performance. 72% of organizations say they are likely to roll out patches more slowly in the future.
“Meltdown and Spectre have been a painful reminder of how problematic and slow patching can be. It is critical that organizations ensure their endpoints are secure with the strongest, smartest protection, especially in between periods of patching when an organization is most vulnerable,” said Mike Duffy, CEO of Barkly.