Cybersecurity Cloud & Data

Organizations are looking in the wrong place to fight cyberattacks

Organizations are addressing trending cybersecurity threats while catalogued industry-wide security issues remain unaddressed.

According to a report by cybersecurity firm Cymulate, many organizations are testing for trending threats at the expense of ones they are more likely to experience. Meaning, organizations are actively testing against threats seen in the news, likely from pressure to report on their exposure risk to emergent threats.

Read more: What startups want: Indian startups see benefits from a strong cloud core

The report also says that known and catalogued industry-wide security issues remain unaddressed.A significant number of organizations are not testing against more widely recognized threats such as ProxyNotShell and Emotet that continue to persist and are apt to cause the most harm if not remediated.

It’s understandable that organizations want to protect themselves against the major threats making headlines today. But the findings of the Cybersecurity Effectiveness Report underscore the fact that many attackers aren’t using advanced new strategies—they’re continuing to find success using known tactics

Carolyn Crandall, Chief Security Advocate for Cymulate

Carolyn Crandall, Chief Security Advocate for Cymulate, says, “It’s understandable that organizations want to protect themselves against the major threats making headlines today. But the findings of the Cybersecurity Effectiveness Report underscore the fact that many attackers aren’t using advanced new strategies—they’re continuing to find success using known tactics.

“Organizations need to shift their vulnerability management strategies to address these gaps by implementing Attack Surface Management tools for exposure assessment, Breach and Attack Simulation for security control efficacy validation, and Continuous Automated Red Teaming for more frequent penetration testing.”

Another horrifying revelation is that the effectiveness of data protection measures has declinedjumping from 30 to 44 in 2022, the average data exfiltration risk score has worsened considerably. Network and Group Policies have hada positive impact on prevention of data exfiltration, which has driven attackers to resort to alternative exfiltration methods.

Read more: Insider attack: Organizations expect employee churn-driven cyber issues in 2023

David Neuman, senior analyst at TAG Cyber, says, “Organizations must understand their security posture to identify vulnerabilities and protect against cyber threats.”

The report advises that businesses deploy breach and attack simulations, which has had a significant positive impact on cyber resiliency.

Navanwita Bora Sachdev

Navanwita is the editor of The Tech Panda who also frequently publishes stories in news outlets such as The Indian Express, Entrepreneur India, and The Business Standard

Recent Posts

Once more with feeling: An ambitious bid to build a digital Disneyland for fans

This entrepreneur, who entered the startup ecosystem when he was only thirteen years old, wants…

4 days ago

From UPI to Web3: How India’s fintech wave is reshaping the future of payments

India’s fintech sector is accelerating at breakneck speed, with digital payments becoming the new default…

1 week ago

AI Launches: SaaS, content management, ecommerce, cybersecurity, logistics, entertainment, & investment

The Tech Panda takes a look at recent launches in the superfast field of Artificial…

2 weeks ago

M&A: The art of the deal

The Tech Panda takes a look at recent mergers and acquisitions within various tech ecosystems…

2 weeks ago

AI companion: From comfort to concern, are we flirting with “Addictive Intelligence”?

Strange are the ways in which Artificial Intelligence (AI) has been offering us humans companionship.…

2 weeks ago