Insufficient collaboration within the company increases cyber risk

Poor internal communication, unclear responsibilities and a heterogeneous tool landscape make cyber risk management in companies difficult.

There is a wide gap between what effective risk management of the external attack surface demands, that is, the surface a company exposes through IT assets accessible from the Internet, and the real situation in companies. This is the conclusion of a thought leadership report prepared by the analyst firm Forrester and commissioned by CyCognito, market leader for External Attack Surface Risk Management (EASM). A total of 304 security and IT decision-makers in the USA, Germany, France, Great Britain and Canada, who are also responsible for risk assessment within the company, were surveyed.

Tool proliferation and lack of collaboration increase risk

The biggest hurdles to effective management are insufficient communication, a heterogeneous tool landscape, unclear responsibilities and ineffective methods for prioritizing risks. Above all, these are challenges to functioning collaboration. This can be remedied by centrally used tools for rapid detection (Mean Time to Detection – MTTD), which enable faster average resolution times (MTTR), and a single source of truth as a uniform information basis.

Undetected security gaps in assets accessible via the Internet, such as insecurely configured cloud solutions, databases, IoT devices, etc., pose an enormous risk to the IT security of companies. At the same time, current risk management practices for identifying, prioritizing and remediating these vulnerabilities rarely meet the expectations of those responsible. Although 81 percent of respondents consider security testing, processes, or exercises to uncover vulnerabilities in security controls and mechanisms to be an important risk management tool, 53 percent found a significant number of undetected external assets during their most recent risk assessment.

Many use more than ten different tools

According to Forrester, this discrepancy is primarily due to insufficient internal collaboration - a fact that is reflected in several results. One indicator is the heterogeneity of the tool landscape: almost 40 percent of the participating companies use more than ten different tools that are spread across several teams and used independently of each other, instead of making the findings available to everyone involved.

These “silos” complicate the necessary communication and collaboration. Only 22 percent of respondents have a cross-functional team responsible for effectively prioritizing countermeasures. This means that in one out of four companies surveyed it takes several weeks or even longer to react to new, sometimes high risks. In general, 40 percent of those surveyed rated the relationships between the security, IT and business teams involved as consistently negative.

Central automation tools and a single source of truth can help

To effectively reduce the risk of security vulnerabilities in external assets through rapid detection, prioritization and remediation, companies should take two measures, according to the report. Firstly, there should be a company-wide single source of truth for recording and assessing risks, i.e. a single source of information that is used by everyone involved and constantly kept up to date. The collaboration required for this also improves the spirit between the teams and has a direct impact on the MTTR.

This goal is facilitated by a second recommended measure: the introduction of a central solution for risk reduction that automatically and continuously carries out important core tasks. This includes consistently mapping business structures, regular security tests that also find “blind spots,” and correctly assigning assets. These measures allow a uniform view of the external attack surface, prioritization and planning of countermeasures - and thus effective risk management.

About CyCognito

CyCognito is the market leader in External Attack Surface Risk Management (EASM) and counts many Fortune 2000 companies among its customers. Not only large companies and corporations benefit from the CyCognito platform, but also medium-sized companies. The platform allows proactive, continuous management of the potential attack surface that a company presents via Internet-accessible assets and helps to manage and minimize the associated risks.

