MORRISVILLE, N.C., Nov. 18, 2021 /PRNewswire/ -- JupiterOne, the cybersecurity industry's leading cyber asset management and governance solutions provider, today announced the findings of a new survey by Enterprise Strategy Group (ESG), which warns of inadequate security hygiene and posture management practices at many organizations.
The ESG research found that 86% of organizations believe they follow best practices for security hygiene and posture management. However, 70% of organizations said they use more than ten security tools to manage security hygiene and posture management, which raises concerns about data management and operations overhead, according to Jon Oltsik, ESG Principal Analyst and Fellow, and author of the report.
In addition, 73% of security professionals admitted that they still depend on spreadsheets to manage security hygiene and posture at their organizations. As a result, 70% of respondents said that security hygiene and posture management had become more difficult over the past two years as their attack surfaces have grown.
"[T]he data demonstrates that many organizations continue to address security hygiene and posture management tactically on a technology-by-technology basis," Oltsik wrote. "ESG believes that CISOs should take a more holistic approach to security hygiene and posture management by adopting technologies and processes for discovering assets, analyzing data, prioritizing risks, automating remediation tasks, and continuously testing security defenses at scale."
The report found that the external attack surface is increasingly vulnerable and prone to exploitation by adversaries. For this reason, CISOs should understand that attackers may be continuously scanning their organization's attack surface with automated tools before launching cyber-attacks. Therefore, organizations should strive to safeguard internet-facing assets and reduce their attack surface, thus increasing the work and resources needed by cyber adversaries.
"The findings from this report raise troubling concerns about the state of asset vulnerability management," said Erkang Zheng, founder, and CEO of JupiterOne. "This survey points out the need to gain deeper insights into asset exploitability which can pose devastating risks to businesses."
Overall, the report suggests that security asset management programs are too often informal, disorganized, and immature. It suggests that organizations would benefit from adopting greater integration technologies, advanced analytics, and process automation, according to ESG.
The survey exposed many dangerous vulnerabilities, as nearly one-third of respondents (31%) said they discovered sensitive data in previously unknown locations, and 30% found websites with a path to their organizations. In addition, 29% uncovered employee corporate credentials or misconfigured user permissions, while 28% exposed previously unknown SaaS applications.
Perhaps most troubling is the fact that 69% of organizations admitted they had experienced at least one cyber-attack that started through the exploit of an unknown or unmanaged internet-facing asset, including software, cloud-based workloads, user accounts, and IoT devices.
As a result of these threats, the survey found that 80% of organizations plan to increase spending for security hygiene and posture management within the next 18 months. The top budget priorities areas include data security tools (31%); cyber-risk quantification tools (30%); and cloud security posture management (28%).
For the report, ESG conducted an online survey of 398 IT and cybersecurity professionals from private- and public-sector organizations across North America. Click here: https://info.jupiterone.com/resources/esg-report-security-hygiene-posture-management-enterprise-security-group to download a full copy of the report.
The tech analyst firm Gartner recognized JupiterOne as an "on the rise" vendor for cyber asset attack surface management, or CAASM, in its most recent "Hype Cycle on Network Security 2021" report released in July 2021.
For an infographic and blog on The State of Cyber Asset Management, visit here: https://try.jupiterone.com/blog/infographic-the-state-of-cyber-asset-management.
To learn more about the Top 5 Reasons Your Attack Surface Is Growing Along with Your Cyber Assets, read the blog here: https://try.jupiterone.com/blog/top-5-reasons-your-attack-surface-is-growing-along-with-your-cyber-assets
About JupiterOne
JupiterOne is a cyber asset management and governance solution company, providing visibility and security into your entire cyber asset universe. JupiterOne creates a contextual knowledge base using graphs and relationships as the single source of truth for an organization's cyber asset operations. With JupiterOne, teams can discover, monitor, understand, and act on changes in their digital environments. Cloud resources, ephemeral devices, identities, access rights, code, pull requests, and much more are collected, graphed, and monitored automatically by JupiterOne. Visit us on social media: Twitter | LinkedIn | YouTube.
For Media Inquiries:
Nathaniel Hawthorne for JupiterOne
Lumina Communications
(661) 965-0407
[email protected]
Melissa Pereira
JupiterOne
(408) 656-4071
[email protected]
SOURCE JupiterOne
WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?
Newsrooms &
Influencers
Digital Media
Outlets
Journalists
Opted In
Share this article