Cyber security experts at Balbix have issued a "State of Enterprise Security Posture Report" based on an online survey of IT and cyber security professionals conducted in May 2020. As reported on the Cyber Security Intelligence website, about 90% of these professionals are concerned about phishing and ransomware attacks, but only 48% have continuous visibility into these areas. The next biggest threats are unpatched systems and misconfigurations.
The report also found that only 64% of organizations are, at best, "somewhat" confident about their security and 46% find it hard to tell which vulnerabilities are real threats. 37% have limited visibility of their attack surface, and 25% have too many alerts to act on.
Top areas of visibility are unpatched systems (68%), identity and access management (59%), and phishing and ransomware (48%, which is troubling since this is identified as their top concern).
Other troubling statistics:
- 60% of organizations have knowledge of fewer than 75% of network assets; most have only a spotty understanding of what is critical to their business.
- 80% of organizations provide more access privileges than necessary.
- Only 58% are capable of determining all vulnerable assets within 24 hours of a critical exploit.
- Only 13% feel presentations to the board go well and cyber risk is understood. This "failure to communicate" may be the biggest security problem.
Unless organizations can gain continuous, comprehensive visibility of their risks and address them, we can expect more reports of major cyber attacks.