Scott Gordon talks about how organizations are contending with increased cyber risk due to a worsening threat landscape and more organized threat actors.
Cybersecurity leaders continue to calibrate and extend their attack surface management capabilities. An attack surface comprises entry points where a user or system is susceptible to attack, and as a result, provides unauthorized access to a system and data. This encompasses understanding the range of internal and external attack vectors that could be exploited, such as endpoints and network devices that are poorly maintained, improperly accounted for public-facing cloud resources, systems with known vulnerabilities, and malicious sites posing as trusted sites designed to dupe users to provide access credentials.
The question is, given today’s accelerated hybrid workplace, multi-cloud, and digital business growth, how are organizations contending with increased cyber risk due to a worsening threat landscape and more organized threat actors?
A recent 2022 Attack Surface Management Maturity report shed light on the current state, exposures, and priorities that organizations are considering to fortify their security posture. This survey, conducted by Cybersecurity Insiders, asked more than 350 security professions in enterprise organizations across industries their views on business outcomes, remote work, policy shifts and more, and revealed many useful findings.
While 40% have confidence with the measures their organizations have taken in attack surface management, the remaining have low to no confidence. The outcome of related security issues over the past 12 months resulted in a third indicating an impact on employee productivity and reduced business activity. Surprisingly, only 10% admitted to data leakage issues, but over 20% experienced increases in IT incident response expenditure – adding more pressure against anticipated shrinking budgets.
The results also indicated that 64% of organizations will continue to support a hybrid workplace. Recent resurging and new pandemic concerns combined with the financial advantages reduced office operating costs bring, support this trend. Remote employees not only need timely provisioning of endpoints and software, but also have increased security risks. More than half of respondents observed remote workers deviating from policy, which suggests the necessity for organizations to monitor policy compliance across multiple controls per asset type and user role.
Cloud implementations grew exponentially in the past year. In fact, 80% of organizations have either a multi-cloud or hybrid IT strategy. However, 84% lack unified cloud visibility despite experiencing compliance, infrastructure, and misconfiguration visibility and control automation issues. This shows that IT and security staff are using a variety of tools to attempt to identify unaccounted for, unmanaged, or at-risk resources in each of their virtual and public cloud environments.
Without centralized and actionable control data, organizations will continue to deal with more inefficiencies to preempt exposures, delayed response to issues, and inaccurate tracking of risk mitigation.
Among other growing pains, nearly two-thirds indicated their organizations have asset inventory management issues manifesting in network infrastructure, malware, and configuration compliance. Less than half of those surveyed expressed that their organizations possessed advanced asset intelligence – having visibility and insight for over 75% of their assets. However, the majority indicated poor inventory intelligence. No doubt that IT and security professionals must manage a greater variety of technology across a more distributed IT estate. Accurate, consolidated inventory remains a cornerstone to numerous operational and security frameworks. Most organizations surveyed shared that they had piecemeal and inconsistent asset controls, insights, and details concerning business ownership, type, security state, and lifecycle state.
Consistent vulnerability assessment and patching are well known attack surface management best practices. Yet nearly three quarters of respondents still expressed only moderate patching efficacy. Extrapolating this sentiment further, without multi-source asset data aggregation and correlation capabilities, the higher order needs to identify and respond to operational trending, anomaly, exposure, and compliance information will remain fragmented and inaccurate, which delays audit process and increases costs, as well as undermines resource optimization initiatives.
The scope of attack surface management is wide. This requires monitoring, mitigation and analytics of not only the internal attack surface, but the external attack surface. As such, IT and security professionals must rely on a portfolio of tools that cover the operations and defense of different classes of assets and across different IT domains and businesses. As much as leaders consider the potential economies of consolidating tools, on-going and evolving technology adoption, operating ecosystems, digital business requirements, and varying compliance specifications will more likely offset consolidation benefits. Additional considerations to maintain trained staff will also come into play. For example, those surveyed shared that their highest challenge to protect cloud infrastructure was lack of qualified staff.
How will organizations move the needle towards improving their security posture? Will they replace siloed management tools for a centralized platform or continue to expand their tool set investments? This question was posed, and the answer shows the enormity of considerations at play. Over a third of security leaders and practitioners remain undecided whether or not to replace their tools. Nearly half of response appeared to favor moving to a centralized platform, which accommodates both consolidating and keeping existing IT tools to progress attack surface management capabilities.
As organizations determine how to better leverage their endpoint, application, network infrastructure, cloud, and security management tools to improve their security posture and cyber resilience, a platform approach to enterprise technology management would provide a centralized means to gain accurate and timely asset visibility and requisite analytics. This approach could also provide automation to streamline security, compliance, audit and attack surface management processes, while allowing organizations technology management stack investment and optimization flexibility.
Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!