Only about one in five companies is "completely prepared" for the next virus attack, according to the results of a survey of 150 IT professionals who manage software updates for their companies. The biggest problem when businesses are hit by a virus is user downtime.
The survey, completed last month by research firm InsightExpress and commissioned by SupportSoft Inc., a developer of software for managing software updates, portrays patch management as an ongoing issue that poses a variety of risks. For example, patching still takes a week or longer at about a quarter of companies. That compares with 19% of respondents who say their IT organizations distribute patches to all computers within hours and 57% that do the job in days.
When asked how well prepared their IT organizations were for a virus attack, three-quarters are only "somewhat prepared," compared with 21.3% that are completely prepared. "It shows companies are struggling to get a handle on patching," says Michael Cherry, an analyst with Directions On Microsoft.
The biggest concern among survey respondents is spyware, cited by 25%, followed by viruses and other kinds of malicious software. The most difficult part of patch management is an inability to update all systems with a single patch (24% of respondents) and the sheer number of patches that need to be distributed each month (21%).
Keeping up with Microsoft's monthly security bulletins and associated software patches has been a challenge for some IT departments. In February, Microsoft issued a dozen security bulletins that addressed 17 vulnerabilities in Windows or its other products. This month, Microsoft customers may get a respite. The company said Thursday it doesn't plan to issue any new security bulletins next week when it would normally do so. The last time Microsoft went a month without issuing patches was more than a year ago.
