Enterprise Technique Group (ESG), a number one IT analyst, analysis, and technique agency, and a division of TechTarget, Inc., at this time introduced new analysis into safety hygiene and posture administration – a foundational a part of a robust safety program. The research reveals that many points of cybersecurity are managed independently and with antiquated instruments, leaving organizations with restricted visibility and weak defenses in opposition to an ever-evolving risk panorama. Since sturdy cybersecurity begins with the fundamentals, like understanding about all IT belongings deployed, this case makes organizations weak to superior threats amongst strategic, but typically hurried, cloud and digital transformation initiatives.
The brand new report, Safety Hygiene and Posture Administration, summarizes a survey of 398 IT and cybersecurity professionals accountable for evaluating, buying, and using services for safety hygiene and posture administration, together with vulnerability administration, asset administration, assault floor administration, and safety testing instruments. The information reveals that organizations should intention to additional assess safety posture administration processes, look at vendor danger administration necessities, and check safety instrument and processes extra continuously.
Among the many most troubling findings from this research:
- 73% of organizations admit that spreadsheets stay a key facet of safety hygiene and posture administration. Right now’s risk panorama is much too dynamic to be managed by such rudimentary strategies.
- 69% of organizations admit that they’ve skilled a minimum of one cyber-attack that began by way of the exploit of an unknown, unmanaged, or poorly managed internet-facing asset (e.g., internet server, internet utility, VPN gateway, or open port). Cyber-adversaries are simply out-maneuvering IT organizations that depart belongings defenseless.
- 40% of safety professionals say that conflicting knowledge makes it troublesome to get an correct image of belongings, and 39% report that it’s troublesome to maintain up with hundreds of fixing belongings. Organizations can’t handle and shield these assets with out an correct image of what they’re and the place they reside.
- 57% agreed that their group typically struggles to know which belongings are business-critical. This lack of visibility means cybersecurity and IT groups are challenged to prioritize their efforts to guard the programs which might be most vital to enterprise operations.
As a solution to those points, the research concludes that the following few years will see innovation round a brand new platform class that ESG refers to as safety observability, prioritization, and validation (SOPV). SOPV will mixture safety hygiene and posture administration knowledge, calculate danger scores, prioritize remediation actions based mostly on danger and asset criticality, carefully align with the MITRE ATT&CK framework, and even check safety controls and processes. As SOPV instruments mature, they are going to change into the de facto CISO dashboard for speaking cyber-risk to the enterprise.
“Whereas safety hygiene and posture administration is vital, this analysis reveals that organizations don’t have a transparent image of their expertise belongings, they usually have restricted understanding of the state of these gadgets, programs, and functions,” says Senior Principal Analyst & ESG Fellow Jon Oltsik. “This places organizations in danger as a result of they lack the precise info wanted for sound cyber-risk mitigation choices. Whereas this case is vital, I do see some promising developments and innovation round SOPV applied sciences over the following 12 to 18 months. CISOs ought to be proactively addressing safety hygiene and posture administration and researching SOPV options as quickly as attainable.”
For extra info on this new analysis, please go to ESG’s web site.
To study extra about Jon Oltsik’s cybersecurity market protection, click on right here or comply with him on Twitter @joltsik.
Enterprise Technique Group (ESG) is an built-in expertise evaluation, analysis, and technique agency offering market intelligence, actionable perception, and go-to-market content material companies to the worldwide expertise neighborhood. It’s more and more acknowledged as one of many world’s main analyst companies in serving to expertise distributors make strategic choices throughout their go-to-market applications by way of factual, peer-based analysis. ESG is a division of TechTarget, Inc. (Nasdaq: TTGT), the worldwide chief in buy intent-driven advertising and marketing and gross sales companies targeted on delivering enterprise affect for enterprise expertise corporations.