Organizations face a never-ending game of whack-a-mole with cybersecurity. The sheer volume of security exposures is overwhelming for most security programs. XM Cyber and Cyentia Institute partner for Navigating the Paths of Risk: The State of Exposure Management in 2023 to analyze how organizations can more effectively focus their risk management on critical assets leading to exposures.
Today we release the findings of from our joint report with XM Cyber, wefound that 75 percent of security exposures do not put organizations’ critical assets at risk. However, while most of these exposures are not particularly relevant to an organization, there are a minimal amount of exposures that put more than 90 percent of their critical assets at risk.
With advanced tooling, modern security teams are faced with an overwhelming volume of exposures to validate and analyze, despite the fact that most exposures uncovered do not lead to critical assets. XM Cyber’s latest research, which analyzed more than 60 million exposures in over 10 million entities, both on-premise and in the cloud, revealed that the average organization has 11,000 exploitable security exposures in a given month with up to 250,000 exposures in larger enterprises. This highlights the need for more efficient exposure remediation in order to remain ahead of the attack curve.
“As we analyzed data and reflected on the findings for this report, my mind kept coming back to one concept: the cost of attack.
Through attack path analysis, we see what the attacker sees and identify their least costly (quickest, easiest) routes to whatever it is they value. If we operationalize that knowledge, I have hope that we can finally shift the cost of attack in our favor.” Wade Baker, PhD, Partner at Cyentia Institute.
The second annual report presents key insights drawn from tens of thousands of attack path assessments conducted through XM Cyber’s exposure management platform during 2022. Get all of the key insights and analysis through the download link below!