A small number of exposures can put 90 percent of critical assets at risk
New research reveals that a small volume of security exposures can put more than 90 percent of an organization's critical assets at risk of compromise.
The analysis of more than 60 million exposures in over 10 million entities from XM Cyber, in collaboration with the Cyentia Institute, finds that just two percent of security exposures can actually lead to critical assets, and most exposures (75 percent) along attack paths lead to 'dead ends'.
That two percent, though, are located on 'choke points' through which multiple attack paths converge en route to critical assets. By focusing efforts on remediating exposures on these choke points, organizations can therefore maximize risk reduction while minimizing remediation workload among security and IT teams.
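The choke-point reasoning above, as an added example that is not taken from the report or from XM Cyber: a small constructed attack graph in which exposures are edges, paths to critical assets are enumerated, and remediation candidates are ranked by how many paths they sit on. The entity names, the edges and the depth-first path counting are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample: an edge A -> B means an exposure lets an attacker who
# controls entity A move to entity B. Every name here is made up.
EDGES = {
    "laptop-1": ["file-share", "jump-host"],
    "laptop-2": ["jump-host", "printer"],
    "kiosk": ["printer", "jump-host"],
    "jump-host": ["svc-account"],
    "svc-account": ["db-prod", "cloud-admin-role"],
    "cloud-admin-role": ["s3-backups"],
    "file-share": ["old-wiki"],
}
ENTRY_POINTS = ["laptop-1", "laptop-2", "kiosk"]
CRITICAL = {"db-prod", "s3-backups"}


def attack_paths(edges, entries, critical):
    """Enumerate every simple path from an entry point to a critical asset."""
    paths = []

    def walk(node, path):
        if node in critical:
            paths.append(path)
            return
        for nxt in edges.get(node, []):
            if nxt not in path:  # never revisit an entity (no cycles)
                walk(nxt, path + [nxt])

    for entry in entries:
        walk(entry, [entry])
    return paths


def rank_choke_points(paths):
    """Count attack paths per intermediate entity, busiest first."""
    return Counter(n for p in paths for n in p[1:-1]).most_common()


def dead_ends(edges, paths):
    """Entities that appear in the graph but on no path to a critical asset."""
    everything = set(edges) | {n for targets in edges.values() for n in targets}
    return sorted(everything - {n for p in paths for n in p})


def paths_after_fix(edges, entries, critical, fixed):
    """Recount attack paths once every exposure touching `fixed` is remediated."""
    pruned = {src: [d for d in dsts if d != fixed]
              for src, dsts in edges.items() if src != fixed}
    return len(attack_paths(pruned, entries, critical))
```

In this sample, remediating the single `jump-host` entity removes all six attack paths, while remediating the dead-end `file-share` removes none.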
"Security teams are inundated with increasing volumes of alerts and attackers are actively exploiting this," says Zur Ulianitzky, vice president, research at XM Cyber. "As illustrated by our research, the vast majority of security alerts are benign and do not lead to critical assets. Threat actors are not working any harder than they have to, and most find success with attack paths which are simple, short and lead straight to fruitful returns. By diligently focusing remediation efforts on first and foremost eliminating the two percent of exposures which provide attackers with seamless access to critical assets, organizations can significantly reduce their risk without adding any additional strain to security teams."
Among other findings, the average organization has 11,000 exploitable security exposures in a given month, and 71 percent of firms have exposures that enable attackers to pivot from their on-premises to cloud environments. Once there, 92 percent of critical assets lie just one step away.
"Once attackers infiltrate cloud environments, it's easy for them to compromise assets," adds Ulianitzky. "Cloud security is not yet mature and many security teams don’t fully understand what security issues they need to look for. Challenges also surface from how cloud identities and permissions are (mis)managed. Moving forward, organizations must rethink their approach to security to ensure the protection of all of our identities, systems, and interdependencies among them holistically."
Techniques targeting credentials and permissions affect 82 percent of organizations and exploit over 70 percent of all identified security exposures.
You can get the full report from the XM Cyber site.