Lack of asset visibility leads to more security incidents
Widening visibility gaps in cloud infrastructure, end-user devices and Internet of Things (IoT) device initiatives are leading to increased risk and security incidents according to a study carried out by Enterprise Strategy Group (ESG) for Axonius.
More than 70 percent of respondents report that additional complexity in their environments has contributed to increasing visibility gaps. More than half cite the rapid shift to remote work and changes to technology infrastructure necessitated by security and privacy regulations as key reasons for this increased complexity.
"Collectively, these assets represent an attack surface that organizations must protect against an ever-expanding threat landscape used by adversaries to compromise infrastructure and carry out malicious activities," says Dave Gruber, ESG's senior analyst. "When IT and security teams lack visibility into any part of their attack surface, they lose the ability to meet security and operational objectives, putting the business at risk. In some cases, organizations were reporting 3.3 times more incidents caused by lack of visibility into IT assets."
Nearly 90 percent of respondents say that the pandemic has accelerated public cloud adoption. The study also reveals that the majority of organizations have suffered more than five cloud-related security incidents in the last year. Half of respondents report visibility and management challenges with public cloud infrastructure, mostly associated with data spread across different tools, clouds, and infrastructure.
Participants also anticipate a 74 percent increase in remote workers, even after pandemic restrictions lift. This means organizations need to develop long-term operating and security plans for hybrid work environments so that IT and security teams don't remain blind to the personal networks and devices supporting remote employees.
"This year's survey once again reinforces that lack of visibility into assets is one of the most critical challenges facing every organization today. Building a comprehensive inventory remains a slow, arduous, often inadequate process, and as a result, more incidents are occurring," says Dean Sysman, CEO of Axonius. "However, automating cybersecurity asset management can dramatically improve security and compliance efforts. According to the study, eliminating visibility gaps results in a 50 percent reduction in end-user device security incidents."
The full report is available from the Axonius site.