Vulnerable cloud attack surface grows almost 600 percent
A new report from cyber asset visibility and management company JupiterOne shows numbers of enterprise cyber assets have increased by 133 percent year-on-year, from an average of 165,000 in 2022 to 393,419 in 2023.
Organizations have also seen the number of security vulnerabilities, or unresolved findings, increase by 589 percent according to the report which analyzed more than 291 million assets, findings, and policies to establish the current state of enterprise cloud assets, including cloud and physical environments of devices, networks, apps, data, and users.
Jasmine Henry, senior director of data security and privacy at JupiterOne and lead researcher of 2023 The State of Cyber Assets Report says, "If the past year has taught us anything, it is the critical importance of security to the overall health of an organization and public safety. Cybersecurity is no longer just a CISO issue; the CEO, the board of directors, and investors are all paying close attention. Historians may write that the 2017 WannaCry ransomware attack was when CEOs realized the importance of security and the 2021 Colonial Pipeline event was when the average person understood that security mattered -- but even though everyone is on-board with the importance of security, this report shows us how big of a mountain we still have to climb."
On average, large-sized organizations have 2,011 cyber assets per employee, small organizations 681, and mid-sized organizations 489. Security practitioners are responsible for an average of 334 unique Cloud Service Provider (CSP) accounts in 2023 across all organizational sizes, or an average of 225 and 559 unique accounts at large and mid-sized organizations, respectively.
"Security teams do not need more visibility," says Sounil Yu, CISO and head of research at JupiterOne. "They just need access to the visibility that already exists within an organization. One of the key takeaways for organizations should be the importance of eliminating artificial barriers for security teams in getting this visibility. CEOs and other executives should ask their security teams what policies or inter-team dynamics hinder them from accessing the visibility they need. Security teams are already fighting an uphill battle. In this era of distributed and rapidly growing attack surfaces, organizations should focus on improving the processes and tools that unify our available data to gain greater cyber insights from the visibility we already have."
You can get the full report from the JupiterOne site.