Cybersecurity Cloud & Data

Organizations are looking in the wrong place to fight cyberattacks

Organizations are addressing trending cybersecurity threats while catalogued industry-wide security issues remain unaddressed.

According to a report by cybersecurity firm Cymulate, many organizations are testing for trending threats at the expense of ones they are more likely to experience. Meaning, organizations are actively testing against threats seen in the news, likely from pressure to report on their exposure risk to emergent threats.

Read more: What startups want: Indian startups see benefits from a strong cloud core

The report also says that known and catalogued industry-wide security issues remain unaddressed.A significant number of organizations are not testing against more widely recognized threats such as ProxyNotShell and Emotet that continue to persist and are apt to cause the most harm if not remediated.

It’s understandable that organizations want to protect themselves against the major threats making headlines today. But the findings of the Cybersecurity Effectiveness Report underscore the fact that many attackers aren’t using advanced new strategies—they’re continuing to find success using known tactics

Carolyn Crandall, Chief Security Advocate for Cymulate

Carolyn Crandall, Chief Security Advocate for Cymulate, says, “It’s understandable that organizations want to protect themselves against the major threats making headlines today. But the findings of the Cybersecurity Effectiveness Report underscore the fact that many attackers aren’t using advanced new strategies—they’re continuing to find success using known tactics.

“Organizations need to shift their vulnerability management strategies to address these gaps by implementing Attack Surface Management tools for exposure assessment, Breach and Attack Simulation for security control efficacy validation, and Continuous Automated Red Teaming for more frequent penetration testing.”

Another horrifying revelation is that the effectiveness of data protection measures has declinedjumping from 30 to 44 in 2022, the average data exfiltration risk score has worsened considerably. Network and Group Policies have hada positive impact on prevention of data exfiltration, which has driven attackers to resort to alternative exfiltration methods.

Read more: Insider attack: Organizations expect employee churn-driven cyber issues in 2023

David Neuman, senior analyst at TAG Cyber, says, “Organizations must understand their security posture to identify vulnerabilities and protect against cyber threats.”

The report advises that businesses deploy breach and attack simulations, which has had a significant positive impact on cyber resiliency.

Navanwita Bora Sachdev

Navanwita is the editor of The Tech Panda who also frequently publishes stories in news outlets such as The Indian Express, Entrepreneur India, and The Business Standard

Recent Posts

Empowering businesses with Unified Device Management: Streamline security & productivity across platforms

In a modern business, device diversity is not just an operational reality; it is the…

8 hours ago

Can taxes cool down AI & crypto’s power hunger? The IMF’s betting on it

We already know that because of the electricity used by high-powered equipment to “mine” crypto…

1 day ago

All our eggs in one cloud: When AWS sneezed & the Internet caught a cold

The recent service outage that Amazon Web Services (AWS) experienced in the US brought several…

4 days ago

Can AI help manage the new threat to our environment caused by AI?

Can we make data centers smart and green? Warning about AI’s electricity consumption speed was…

5 days ago

New tech on the block: Fintech, crypto, cleantech, blockchain & cybersecurity

The Tech Panda takes a look at recent tech launches. Fintech: ICICI Bank & Visa…

1 week ago