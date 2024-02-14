TMCnet News
New Tenable Study Outlines the People, Process and Technology Challenges That Limit Organizations' Ability to Prevent Attacks
COLUMBIA, Md., Oct. 30, 2023 (GLOBE NEWSWIRE) -- Tenable®, the Exposure Management company, has published a new study that sheds light on the challenges cybersecurity and IT leaders face in protecting their increasingly complex and expanding attack surface. Published for Cybersecurity Awareness Month, the report titled “Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity Teams” reveals that in the last two years, the average organization’s cybersecurity program was prepared to preventively defend, or block, just 57% of the cyberattacks it encountered. This means 43% of attacks launched against them are successful, and must be remediated after the fact.
The study, based on a commissioned survey of 825 global cybersecurity and IT leaders conducted in 2023 by Forrester Consulting on behalf of Tenable, illuminates the people, process and technology challenges standing between modern cybersecurity and IT teams and effective risk reduction practices.
Nearly six in 10 (58%) respondents say they focus almost entirely on fighting successful attacks rather than working to prevent them in the first place. The study finds that this is largely due to an inability to reduce potential risks before attacks happen. Cyber professionals cite that this reactive stance is largely due to their organizations' struggle to obtain an accurate picture of their attack surface, including visibility into unknown assets, cloud resources, code weaknesses and user entitlement systems. The complexity of infrastructure — with its reliance on multiple cloud systems, numerous identity and privilege management tools and various web-facing assets — brings with it numerous opportunities for misconfigurations and overlooked assets.
Respondents were particularly concerned with the risks associated with cloud infrastructure, given the complexity it introduces in trying to correlate user and system identities, access and entitlement data. The vast majority of respondents (75%)* view cloud infrastructure as the greatest source of exposure risk in their organization. In order, the highest perceived risks come from the use of public cloud (30%), multi cloud and/or hybrid cloud (23%), private cloud infrastructure (12%) and cloud container management tools (9%).
Additional findings from the study include:
“Preventive security is no longer an optional approach to risk management, but a prerequisite,” said Robert Huber, chief security officer and head of research, Tenable. “The scattershot firefighting by security organizations is a recipe for failure, especially with the expansion of the attack surface and exposure points caused by trends like cloud migration and AI. We’re speaking with more and more organizations about the importance of proactively understanding and reducing risk, and this research underscores that many of them know this intuitively, but are struggling with headwinds that are often beyond their control. We hope to foster more collaborative discussion between stakeholders to simplify their practices and get to the risk data they actually need for faster prioritization and remediation.”
To read the full report with further results from the study, including how organizations can address these challenges and move from a reactive security posture to a preventive approach, please visit: https://www.tenable.com/analyst-research/2023-forrester-exposure-management-study
A blog post with additional context on the study can be found here.
