Cymulate Provides Critical Insights on Global Cybersecurity

By Greg Tavarez April 10, 2023

Everyone can agree that cybersecurity is of vital importance for any organization. The combination of increasing threats, dependence on technology, high-profile incidents and regulatory pressures over the past few years made cybersecurity a pressing issue that cannot be ignored.

To delve deeper into cybersecurity, provide critical insights into global cybersecurity effectiveness and reveal top attack tactics, techniques and procedures (or TTPs), Cymulate released its "2022 Cybersecurity Effectiveness Report.” The report analyzed 1.7 million hours of offensive cybersecurity testing within Cymulate's production environments.

The report found that many organizations test trending threats at the expense of ones they are more likely to experience. Sure, it's good for organizations to test against emergent threats seen in the news. However, it shouldn't take away from assessing other, less-mainstream threats that are more likely actively targeting the business. Businesses that used scheduled and full kill-chain testing demonstrated the broadest testing coverage and the most in-depth validation when they added advanced scenario testing to their programs.

Another key area the report found is that known and cataloged industry-wide security issues remain unaddressed. Almost half of the top 10 CVEs identified most by Vulnerability Management platforms are older than two years. Well-known vulnerabilities in cybersecurity include unaddressed CVEs and poorly configured IAM and PAM. Organizations that use outdated infrastructure without support must rely on additional security measures to mitigate risks.

The report also found that more than nine in 10 of the top 10 exposures are related to domain and email security. This is important to watch because unmanaged externally visible infrastructure (or what some like to call ShadowIT) plus a delay in implementation of newer standards are often difficult to detect with purely defensive analysis. Thinking like an attacker and simulating different techniques of attack, safely, is critical in finding these systems and gaps.

“It’s understandable that organizations want to protect themselves against the major threats making headlines today,” said Carolyn Crandall, Chief Security Advocate for Cymulate. “But the findings of the report underscore the fact that many attackers aren’t using advanced new strategies — they’re continuing to find success using known tactics.”

So, what do organizations need to do to address these gaps? The answer is simple. Organizations need to shift their vulnerability management strategies. One strategy that has had a significant impact on cyber resiliency is Breach and Attack Simulation.

In the report, comparing the anonymized data between the first endpoint security assessment completed and the most recent assessments completed, significant improvements in risk reduction were seen when BAS testing was regularly performed. The improvements were seen consistently across customers of various industries and sizes.

For example, Windows Signature-Based anti-virus scanning, MacOS anti-malware defenses and Linux anti-malware defenses all went from high risk to moderate risk. Sure, improvements can be made, but the trend of improved protection is promising.

The report's findings demonstrate that many organizations need to focus on testing against threats and exposures that are more likely to affect their business. There is a need for greater attention to be paid to addressing known and cataloged industry-wide security issues.

Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Latest Broadband Forum Specification Unleashes Network Flexibility, Agility and New Features

Technical Report-459 provides improved resiliency, scalability, and faster deployment times for operators. It will also provide more reliable and consistent services for end users.

Read More

Logitech Introduces Rally Bar Huddle for Better Small Meeting Experiences

Logitech has released a new Rally Bar Huddle that is focused on delivering equitable video conference meetings with ease.

Read More

UniVoIP Brings Teams Voice Integration to the Telarus Supplier Portfolio

UCaaS provider UniVoIP has joined the Telarus supplier portfolio, bringing its voice solutions for Microsoft Teams to the Telarus partner community.

Read More

Samuel Wilson Set to Lead 8x8 into the Future

Finally, 2 years after the departure of longtime CEO Vik Verma, 8x8 hopes it has found a new CEO who will successfully lead it to new growth in a crowded UCaaS market.

Read More

Phone Calls Are Still Key for Customer Acquisition

Ruby uncovered that phone calls are still key when it comes to addressing customer concerns in real-time and understanding changing business realities.

Read More