New Tenable Study Outlines the People, Process and Technology Challenges That Limit Organizations’ Ability to Prevent Attacks
October 30 2023 - 9:00AM
Tenable®, the Exposure Management company, has published a new
study that sheds light on the challenges cybersecurity and IT
leaders face in protecting their increasingly complex and expanding
attack surface. Published for Cybersecurity Awareness Month, the
report titled “Old Habits Die Hard: How People, Process and
Technology Challenges Are Hurting Cybersecurity Teams” reveals that
in the last two years, the average organization’s cybersecurity
program was prepared to preventively defend, or block, just 57% of
the cyberattacks it encountered. This means 43% of attacks launched
against them are successful, and must be remediated after the fact.
The study, based on a commissioned survey of 825 global
cybersecurity and IT leaders conducted in 2023 by Forrester
Consulting on behalf of Tenable, illuminates the people, process
and technology challenges standing between modern cybersecurity and
IT teams and effective risk reduction practices.
Nearly six in 10 (58%) respondents say they focus almost
entirely on fighting successful attacks rather than working to
prevent them in the first place. The study finds that this is
largely due to an inability to reduce potential risks before
attacks happen. Cyber professionals say that this reactive stance
is largely due to their organizations' struggle to obtain an
accurate picture of their attack surface, including visibility into
unknown assets, cloud resources, code weaknesses and user
entitlement systems. The complexity of infrastructure — with its
reliance on multiple cloud systems, numerous identity and privilege
management tools and various web-facing assets — brings with it
numerous opportunities for misconfigurations and overlooked
assets.
Respondents were particularly concerned with the risks
associated with cloud infrastructure, given the complexity it
introduces in trying to correlate user and system identities,
access and entitlement data. The vast majority of respondents
(75%)* view cloud infrastructure as the greatest source of exposure
risk in their organization. In order, the highest perceived risks
come from the use of public cloud (30%), multi-cloud and/or hybrid
cloud (23%), private cloud infrastructure (12%) and cloud container
management tools (9%).
Additional findings from the study include:
- While most respondents (75%) say they consider user identity
and access privileges when they prioritize vulnerabilities for
remediation, fully half (50%) say their organization lacks an
effective way of integrating such data into their preventive
cybersecurity and exposure management practices.
- Nearly six in 10 respondents (57%) say a lack of data hygiene
prevents them from drawing quality data from user privilege and
access management systems, as well as from vulnerability management
systems.
- On average, it takes 15 hours a month to create reports for
business leaders about the health of organizational security
infrastructure.
- In a slight majority of organizations (53%), meetings about
business-critical systems take place monthly, while 18% hold such
meetings only once per year and 2% say they never hold such
meetings.
This data comes at a critical point in time for publicly traded
companies, following the recent introduction of SEC rules on
cybersecurity risk management, strategy, governance and incident
disclosure that take effect in December of this year. The new rules
that mandate the disclosure of material cybersecurity incidents by
public companies also stipulate that they outline their processes
for assessing, identifying and managing material risks from
cybersecurity threats. They also require companies to highlight the
oversight processes of boards of directors and executive management
in assessing and managing cybersecurity risks. For organizations
that do not have these best practices and processes in place,
preventive security measures will become a requirement for
operations.
“Preventive security is no longer an optional approach to risk
management, but a prerequisite,” said Robert Huber, chief security
officer and head of research, Tenable. “The scattershot
firefighting by security organizations is a recipe for failure,
especially with the expansion of the attack surface and exposure
points caused by trends like cloud migration and AI. We’re speaking
with more and more organizations about the importance of
proactively understanding and reducing risk, and this research
underscores that many of them know this intuitively, but are
struggling with headwinds that are often beyond their control. We
hope to foster more collaborative discussion between stakeholders
to simplify their practices and get to the risk data they actually
need for faster prioritization and remediation.”
To read the full report with further results from the study,
including how organizations can address these challenges and move
from a reactive security posture to a preventive approach, please
visit:
https://www.tenable.com/analyst-research/2023-forrester-exposure-management-study
A blog post with additional context on the study can be found
here.
Note to Editors:
- Forrester Consulting conducted an online survey of 825 IT and
cybersecurity professionals at large enterprises in the U.S., the
U.K., Germany, France, Australia, Mexico, India, Brazil, Japan and
Saudi Arabia. The study was fielded in March 2023.
- Maturity Modeling: Respondents were scored based on their
answers to questions measuring different aspects of their maturity:
their use of preventive security tools, how they prioritize
resources to reduce threat exposure, and the degree of visibility
and collaboration within their organization. Forrester scored those
in the bottom 20% as low maturity, the middle 60% as medium
maturity, and the top 20% as high maturity.
*Note: Total percentage may not equal separate values due to
rounding.
About Tenable
Tenable® is the Exposure
Management company. Approximately 43,000 organizations around the
globe rely on Tenable to understand and reduce cyber risk. As the
creator of Nessus®, Tenable extended its expertise in
vulnerabilities to deliver the world’s first platform to see and
secure any digital asset on any computing platform. Tenable
customers include approximately 60 percent of the Fortune 500,
approximately 40 percent of the Global 2000, and large government
agencies. Learn more at tenable.com.
Media Contact:
Tenable
tenablepr@tenable.com