The cybersecurity department of organizations are struggling with visibility when it comes to key security controls.
Author Saif Ahmed Bhuiyan | NITS DiGi, July 23, 2020
According to experts and their reports, the majority of cybersecurity professionals are very much concerned about ransomware attacks, phishing and web. This rate is absolutely alarming as only 48% confirms that they have a very good visibility when it comes to ransomware attacks, phishing and web.
Recents findings indicate that 64% of organizations are somewhat confident in their security posture and that the lack of visibility into security is the primary concern for organizations, at best. Specifically, the rest are finding it hard to understand which vulnerabilities are real threats vs vulnerabilities which will never end up harming or causing trouble to the security system.
Lack of visibility of the overall attack identified or discovered and the pressure of being inundated with way too many alerts to be addressed were found as additional significant concerns.
According to a Computer & Network Security solution provider, “The findings of their report make it abundantly clear that security professionals remain inundated with the challenge of maintaining comprehensive visibility over their complex attack surface while also combatting the evolving threat landscape”.
The trends of risk are quite agile, hence it can change overnight in cybersecurity. From survey results it is safe to say that infosec professionals are struggling to assess, quantify, and prioritize the most important risks to their organizations.
Organizations should understand which is the biggest issue within cybersecurity as the findings says
- Phishing, web and ransomware is the biggest concern
- Second in place is unpatched systems
- And on third is misconfigurations
Organizations should also realize that educating and identifying cyber risk across their attack surface is not anymore a human job. To mitigate this challenge, companies must start with gaining continuous, comprehensive visibility of real risks to their organization. It is incredibly important to find the weakness or vulnerabilities, however it is more important to figure out if these weaknesses are likely to impact them. To ensure maximum breach reduction and the most efficient security team organizations must prioritize fixing the riskiest issues.