Cybersecurity Cloud & Data

Organizations are looking in the wrong place to fight cyberattacks

Organizations are addressing trending cybersecurity threats while catalogued industry-wide security issues remain unaddressed.

According to a report by cybersecurity firm Cymulate, many organizations are testing for trending threats at the expense of ones they are more likely to experience. Meaning, organizations are actively testing against threats seen in the news, likely from pressure to report on their exposure risk to emergent threats.

Read more: What startups want: Indian startups see benefits from a strong cloud core

The report also says that known and catalogued industry-wide security issues remain unaddressed.A significant number of organizations are not testing against more widely recognized threats such as ProxyNotShell and Emotet that continue to persist and are apt to cause the most harm if not remediated.

It’s understandable that organizations want to protect themselves against the major threats making headlines today. But the findings of the Cybersecurity Effectiveness Report underscore the fact that many attackers aren’t using advanced new strategies—they’re continuing to find success using known tactics

Carolyn Crandall, Chief Security Advocate for Cymulate

Carolyn Crandall, Chief Security Advocate for Cymulate, says, “It’s understandable that organizations want to protect themselves against the major threats making headlines today. But the findings of the Cybersecurity Effectiveness Report underscore the fact that many attackers aren’t using advanced new strategies—they’re continuing to find success using known tactics.

“Organizations need to shift their vulnerability management strategies to address these gaps by implementing Attack Surface Management tools for exposure assessment, Breach and Attack Simulation for security control efficacy validation, and Continuous Automated Red Teaming for more frequent penetration testing.”

Another horrifying revelation is that the effectiveness of data protection measures has declinedjumping from 30 to 44 in 2022, the average data exfiltration risk score has worsened considerably. Network and Group Policies have hada positive impact on prevention of data exfiltration, which has driven attackers to resort to alternative exfiltration methods.

Read more: Insider attack: Organizations expect employee churn-driven cyber issues in 2023

David Neuman, senior analyst at TAG Cyber, says, “Organizations must understand their security posture to identify vulnerabilities and protect against cyber threats.”

The report advises that businesses deploy breach and attack simulations, which has had a significant positive impact on cyber resiliency.

Navanwita Bora Sachdev

Navanwita is the editor of The Tech Panda who also frequently publishes stories in news outlets such as The Indian Express, Entrepreneur India, and The Business Standard

Recent Posts

Indian gaming shifts from audience to creator “given India’s mobile-first gaming capabilities”

The Indian gaming industry is sitting on an industry explosion in the near future as…

1 hour ago

Transforming modern business operations: How Microsoft 365’s AI Integration is automating HR workflows & enhancing employee experiences

In today's fast-paced business world, when employee fulfillment and efficiency are crucial, technology has become…

3 hours ago

Outbound & inbound: India attracts businesses from UK, China & US while expanding to Middle East

The Tech Panda takes a look at how India has been attracting foreign businesses from…

1 day ago

UPI value & volume surpass records in March

India’s digital payments ecosystem achieved a record high in March, with UPI transactions reaching INR24.77…

1 day ago

AI-powered digital twins, Cobots, agentic AI, physical AI & edge computing are enabling an anticipatory AI-first manufacturing ecosystem

Tata Consultancy Services (TCS) (BSE: 532540, NSE: TCS), ), a leader in IT services, consulting, and business…

1 day ago

Misinformation & deepfakes help weaponize AI: Should AI be as open as the internet then?

The ability for AI to spread misinformation has been reaching hair-raising lengths, another and possibly…

3 days ago