Due to encountered difficulties, the request cannot be processed. Organizations are currently experiencing a significant hurdle in terms of managing security posture. In fact, research conducted in 2022 revealed that only 2% of attack paths result in access to critical assets. Therefore, it is crucial to prioritize securing these critical points, as it can greatly decrease overall risk. XM Cyber’s report, State of Exposure Management in 2023, provides a comprehensive overview of these findings.
The report found that 75% of the exposures identified by the assessment were dead ends and could not be exploited. It also found that attackers can access 70% of critical assets in on-prem networks in just 3 steps and 90% of critical assets in cloud infrastructures are just one hop away from initial compromise. It also found that techniques targeting credentials and permissions affect 82% of organizations and exploit over 70% of all security exposures.
Organizations must take a new approach to remediation efficiency by focusing on the remediation of exposures that lie on choke points. This does not mean that an attacker’s presence can be ignored even on a dead-end path, as they can still do considerable damage, even if they don’t have immediate access. Vendors should also distribute products with a secure-by-default configuration and organizations should provide guidance and best practices governing passwords and access management.
Organizations should also consider adopting a zero-trust security model and keep attackers out of cloud infrastructures by protecting the on-prem infrastructure. The report also recommends that organizations take a consolidated view of the distinct parts of their environment to prevent missing common threads and otherwise obvious attack paths.
Key Points:
- Only 2% of attack paths lead to critical assets.
- Securing the choke points through which they pass dramatically reduces risk.
- 75% of the identified exposures were dead ends.
- Attackers can access 70% of critical assets in on-prem networks in just 3 steps and 90% of critical assets in cloud infrastructures are just one hop away from initial compromise.
- Organizations should adopt a zero-trust security model and focus on remediating choke points.
- Vendors should distribute products with a secure-by-default configuration and organizations should provide guidance and best practices governing passwords and access management.
- Organizations should take a consolidated view of their environment to prevent missing common threads and otherwise obvious attack paths.