Identifying key risks is top cybersecurity challenge
Risk-based strategies are most successful in preventing security breaches, according to a new study from Skybox Security.
Of companies taking a risk-based approach 48 percent suffered no breaches, 50 percent were top performers in time to mitigate issues, and 46 percent top performers in response time.
"The cybersecurity industry is witnessing a paradigm shift in cyber risk. To prevent breaches, CISOs must make a strategic shift -- from the traditional volume play of identifying vulnerabilities and merely adhering to cybersecurity frameworks -- to taking a strategic risk-based view of reducing actual exposure," says Gidi Cohen, CEO and founder of Skybox Security. "At the board level, leaders want to understand their risk profile rather than how many vulnerabilities were patched each month. CISOs need to validate and report on how they're taking measurable, proactive steps to reduce risk systematically and reduce the financial impact a breach could have on their company."
Among other findings from the study, on average organizations experienced 15 percent more cybersecurity incidents in 2021 than in 2020. In addition, 'material breaches' -- defined as 'those generating a large loss, compromising many records, or having a significant impact on business operations' -- jumped 24.5 percent.
The top four causes of the most significant breaches reported by affected organizations are: human error, misconfigurations, poor maintenance/lack of cyber hygiene, and unknown assets.
"What's notable about this list is that all of these conditions result from mistakes or manual processes inside organizations -- which means they are all in principle avoidable," says Ran Abramson, threat intelligence analyst at Skybox Research Lab. "The clear implication is that, however pernicious external threats have become, cybersecurity teams still have the power to repel them. And that's the good news: With the right practices and tools – including automation to maximize efficiency and get the most out of limited staff -- breaches can be prevented."
The full study is available from the Skybox site.
Photo Credit: Olivier Le Moal / Shutterstock