The key to a successful cybersecurity strategy is knowing what you need to protect. Here’s the proof: half of companies surveyed by MIT Technology Review Insights and Palo Alto Networks have experienced a cyberattack originally from an unknown, unmanaged, or poorly managed digital asset, and another 19% expect to experience one eventually.
Without a full inventory of internet-connected assets, organizations simply can’t identify and remediate exposures to cyberattacks. Yet only half of companies surveyed ensure continual monitoring of assets, and just slightly more (57%) cite asset inventory as a critical precautionary measure.
The clock is ticking: while Fortune 500 companies find one serious vulnerability every 12 hours, it takes attackers less than 45 minutes to do the same as they scan the vastness of the internet for vulnerable business assets.
Making matters worse, bad actors are multiplying, highly skilled IT professionals are a scarce resource, and the demand for contactless interactions, remote work arrangements, and agile business processes continues to expand cloud environments. This all puts an organization’s attack surface—the sum total of the nooks and crannies hackers can pry into—at risk.
“We’ve seen a pretty steady set of attacks on different sectors, such as health care, transportation, food supply, and shipping,” says Gene Spafford, a professor of computer science at Purdue University. “As each of these has occurred, cybersecurity awareness has risen. People don’t see themselves as victims until something happens to them—that’s a problem. It’s not being taken seriously enough as a long-term systemic threat.”
Organizations must understand where the critical entry points are in their information technology (IT) environments and how they can reduce their attack surface area in a smart, data-driven manner. Digital assets aren’t the only items at risk. An organization’s business reputation, customer allegiance, and financial stability all hang in the balance of a company’s cybersecurity posture.
To better understand the challenges facing today’s security teams and the strategies they must embrace to protect their companies, MIT Technology Review Insights and Palo Alto conducted a global survey of 728 business leaders. Their responses, along with the input of industry experts, provide a critical framework for safeguarding systems against a growing battalion of bad actors and fast-moving threats.
The vulnerabilities of a cloud environment
The cloud continues to play a critical role in accelerating digital transformation—and for good reason: cloud offers substantial benefits, including increased flexibility, huge cost savings, and greater scalability. Yet cloud-based issues comprise 79% of observed exposures compared with 21% for on-premises assets, according to the “2021 Cortex Xpanse Attack Surface Threat Report.”
“The cloud is really just another company’s computer and storage resources,” says Richard Forno, director of the graduate cybersecurity program at the University of Maryland, Baltimore County. “Right there, that presents security and privacy concerns to companies of all sizes.”
Even more concerning is this: 49% of survey respondents report more than half of their assets will be in the public cloud in 2021. “Ninety-five percent of our business applications are in the cloud, including CRM, Salesforce, and NetSuite,” says Noam Lang, senior director of information security at Imperva, a cybersecurity software company,
By: MIT Technology Review Insights
Title: A game changer in IT security
Sourced From: www.technologyreview.com/2021/09/08/1034262/a-game-changer-in-it-security/
Published Date: Wed, 08 Sep 2021 12:00:00 +0000
Did you miss our previous article…