April 20, 2023

According to a study from XM Cyber, just a tiny fraction of attack pathways expose most businesses’ important assets to security concerns.

The study, titled “Navigating the Paths of Risk: The State of Exposure Management,” examined more than 60 million exposures in more than 10 million organizations and discovered that 75% of exposures were not exploitable. Only 2% of the exposures, however, constituted a serious danger to more than 90% of an organization’s important assets.

According to the survey, the average firm has around 11,000 exploitable security exposures every month, affecting both on-premises and cloud infrastructure, with bigger companies having up to 250,000 exposures. Critical assets were discovered to be “one hop away,” allowing attackers easy access to them.

Furthermore, despite the fact that these approaches affect 82% of firms, many organizations overlook attack vectors that exploit credentials and permissions. The study also discovered that zero-trust architecture was insufficient in defending enterprises against security exposure strategies that relied on trust.

To prevent human mistake, the report advises that suppliers deliver products with “security by default” options. The survey also discovered that security personnel are overburdened by dead-end security exposure notifications, making it simpler for attackers.

The sources for this piece include an article in CPOMAGAZINE.