75 percent of cybersecurity leaders don’t trust their own data
A disconnect between cybersecurity confidence and data reality is leaving organizations exposed, according to a new report released today by Axonius.
The study, based on a survey of 500 US director-level and above cybersecurity and IT leaders, reveals that while 90 percent of cybersecurity leaders say their organization is prepared to take immediate action on a vulnerability, only 25 percent trust all the data in their own security tools.
This data trust deficit (due to dirty data) directly impacts performance. Looking at the reasons why one in four leaders who mistrust their security data, they cite inconsistent data (36 percent), incomplete data (34 percent), and inaccurate data (33 percent) as the primary reasons.
“Many organizations mistakenly believe they have a clear picture of their security posture, but that confidence often rests on flawed or what some call ‘dirty data’ -- information that’s incomplete, inaccurate, or out of date,” says Ryan Knisley, chief product strategist at Axonius. “Effective exposure management depends on reliable, trustworthy data. No amount of automation or artificial intelligence (AI) integration can compensate for a broken data foundation. Until that gap is addressed, the risk of a serious breach only grows.”
Despite feeling prepared, 81 percent of organizations say they take more than 24 hours to remediate a critical vulnerability or exposure, giving attackers a wide-open window to exploit security weaknesses. This is compounded by key operational challenges, including difficulty with prioritization and risk assessment (29 percent) and a lack of integration between security tools (27 percent).
While 58 percent of organizations report having adopted a Continuous Threat Exposure Management (CTEM) framework to become more proactive, they face significant challenges. The top obstacles are integrating CTEM tools across platforms (38 percent), measuring ROI (35 percent), and automating remediation (34 percent).
Organizations are eager to apply AI and automation for tasks like automated patching (42 percent) and AI-driven risk prioritization (40 percent). However, the top challenge to incorporating these technologies is integration issues with existing systems (38 percent) -- a problem rooted in a weak data foundation.
“The industry is chasing the promise of proactive, predictive security, but you can't predict threats if your view of the battlefield is a mirage,” adds Knisley. “The path forward requires a real commitment to establishing the right context: a consolidated view across environments for what exists in an environment and how it’s exposed. Only then can teams close the gap between feeling ready and actually being ready, enabling them to pre-emptively tackle threats and build lasting cyber resilience.”
The full report is available from the Axonius site.
Image credit: Siphotography/depositphotos.com