Bernard Montel, Cybersecurity Strategist and Technical Director, Tenable, discusses how companies should focus their efforts on strengthening defences to deflect cyberattacks:
Organisations around the world are finding themselves falling foul to cyberattacks and the tide doesn’t look like turning any time soon. A study, based on a commissioned survey of 825 global cybersecurity and IT leaders conducted in 2023 by Forrester Consulting on behalf of Tenable, found that, in the last two years, the average organisation’s cybersecurity programme was prepared to preventively defend, or block, just 57% of the cyberattacks it encountered. This means 43% of attacks launched against them are successful and must be remediated after the fact. Nearly three-quarters (74%) believe their organisation would be more successful at defending against cyberattacks if it devoted more resources to preventive cybersecurity.
Securing today’s complex and dynamic IT environments has never been more important. With its reliance on multiple cloud systems, numerous identity and privilege management tools and multiple web-facing assets, brings with it numerous opportunities for misconfigurations and overlooked assets. While 75% of respondents said they consider user identity and access privileges when they prioritise vulnerabilities for remediation, half say their organisation lacks an effective way of integrating such data into their preventive cybersecurity and exposure management practices.
The study found that important context about users and access privileges is hard to come by – seven in 10 respondents said that their siloed systems form a barrier for obtaining user data. The siloed nature of the thousands of point solutions offered by cybersecurity vendors makes it nearly impossible for security and IT leaders to understand the full depth and breadth of an organisation’s exposure.
Just because it’s hard, doesn’t mean it’s impossible. Securing today’s complex and dynamic IT environments requires a holistic approach. Preventive cybersecurity requires the ability to assess and prioritise vulnerabilities and misconfigurations in context with user data and asset prioritisation so that IT and cybersecurity employees can make the right decisions about which systems or classes of users and assets to remediate first.
An exposure management programme brings together data from tools associated with vulnerability management, web application security, cloud security, identity security, attack path analysis and attack surface management and analyses it within the contextual view of an organisation’s unique mix of users and IT, operational technology (OT) and Internet of Things (IoT) devices and software to effectively evaluate what’s happening across the attack surface. The goal? Having the contextual data needed to execute an on-going, preventive security programme built on risk-based workflows.
Security needs a unified and contextual view of its environment. By focusing resources on the vulnerabilities that are exploitable and understanding how attackers chain vulnerabilities and misconfigurations, security teams can design more complete strategies for reducing their overall risk exposure. Understanding attacker behaviour helps inform security programmes and prioritise security efforts to focus on areas of greatest risk and disrupt attack paths, ultimately reducing exposure to cyber incidents. Organisations that can anticipate cyberattacks and communicate those risks for decision support will be the ones best positioned to defend against emerging threats.
Organisations must take action to understand the risks they face, address the challenges standing in their way and ultimately reduce the sheer volume of successful cyberattacks the security team has to react to.
Click below to share this article