Intelligent CISO Issue 45 | Page 23

ESG Principal Analyst and Fellow. "ESG believes that CISOs should take a more holistic approach to security hygiene and posture management by adopting technologies and processes for discovering assets, analysing data, prioritising risks, automating remediation tasks and continuously testing security defences at scale."
The report found that the external attack surface is increasingly vulnerable and prone to exploitation by adversaries. For this reason, CISOs should understand that attackers may be continuously scanning their organisation's attack surface with automated tools before launching cyberattacks. Therefore, organisations should strive to safeguard Internet-facing assets and reduce their attack surface, thus increasing the work and resources needed by cyberadversaries.

"The findings from this report raise troubling concerns about the state of asset vulnerability management," said Erkang Zheng, Founder and CEO of JupiterOne. "This survey points out the need to gain deeper insights into asset exploitability which can pose devastating risks to businesses."
Overall, the report suggests that security asset management programmes are too often informal, disorganised and immature. It suggests that organisations would benefit from adopting greater integration technologies, advanced analytics and process automation, according to ESG.
The survey exposed many dangerous vulnerabilities, as nearly one-third of respondents (31%) said they discovered sensitive data in previously unknown locations and 30% found websites with a path to their organisations. In addition, 29% uncovered employee corporate credentials or misconfigured user permissions, while 28% exposed previously unknown SaaS applications.
Perhaps most troubling is the fact that 69% of organisations admitted they had experienced at least one cyberattack that started through the exploit of an unknown or unmanaged Internet-facing asset, including software, cloud-based workloads, user accounts and IoT devices.
As a result of these threats, the survey found that 80% of organisations plan to increase spending for security hygiene and posture management within the next 18 months. The top budget priority areas include data security tools (31%), cyber-risk quantification tools (30%) and cloud security posture management (28%).