Virtualization Technology News and Information
Article
RSS
Despite Growing Cyber-Threats, Less than Half of Organizations Perform Continuous Attack Surface Monitoring, New Survey from ESG and Bugcrowd Shows

Bugcrowd announced the release of the  Attack Surface and Vulnerability Management Assessment survey, completed in partnership with analyst firm Enterprise Strategy Group (ESG). The research found that 61% of organizations perform attack surface discovery to offset frequently changing assets in their attack surface and attack surface expansion, yet less than half (40%) of companies perform continuous attack surface management.

Only one out of five organizations surveyed qualified as a "leader" in how they execute attack surface and vulnerability management, while 49% ranked in the second tier as "fast-followers" and 39% ranked in the bottom tier as "emerging organizations." The survey discovered several key differences between leaders and other respondents in their strategy for attack surface and vulnerability management. Of note, nearly three out of four leaders (72%) perform continuous attack surface management, signaling attack surface discovery frequency is a sign of maturity.

Leading Organizations Augment Security Efforts with Crowdsourced Cybersecurity Solutions

Organizations that qualify as leaders recognize their own limitations and are much more likely to supplement their security efforts with crowdsourced penetration testing and bug bounty programs than the fast-followers and emerging organizations. In fact, 59% of leaders use bug bounty programs to discover previously unknown or undiscovered attack surface, compared to 43% of fast followers and 34% of emerging organizations. Furthermore, 41% of leaders plan to use crowdsourced security platforms for penetration testing over the next 24 to 36 months compared to just 19% of fast followers and 27% of emerging organizations.

"This research demonstrates how COVID-19 spurred many organizations to accelerate their digital transformation efforts, thus increasing the size and complexity associated with managing their attack surface," said Ashish Gupta, CEO, Bugcrowd. "One factor really separated the more successful organizations from the rest of the pack: the leaders clearly lean more heavily on crowdsourced security solutions to augment their security efforts. This layered approach to security has significantly strengthened their ability to protect their attack surface and mitigate vulnerabilities."

Routine Penetration Testing and Attack Surface Discovery Monitoring Distinguishes Leaders from Less Mature Organizations

Fast-followers and emerging organizations are far less proactive in performing attack surface and vulnerability discovery solutions compared to leaders. For example, 72% of leaders conduct attack surface discovery on a continual basis, compared to just 52% of fast-followers and 3% of emerging organizations. Additionally, 59% of leaders perform penetration testing for vulnerability discovery more often than once per month, while only 23% of fast-followers and 3% of emerging organizations do on the same frequency. However, the less mature companies report higher confidence in their attack surface and vulnerability discovery tooling and technologies, demonstrating a lack of awareness of potential risk. 

"There is a stark contrast between what the leaders are doing and what everyone else is doing, and the latter group should take note of the difference," said Jon Oltsik, Senior Principal Analyst and Fellow, ESG. "Leading organizations use a diverse combination of tools, automated processes, and integrated workflows to constantly look for problems in their attack surface and vulnerability management. They unify efforts across their organization and are proactive in taking necessary actions to mitigate any risks they discover. Perhaps most important, leaders are aware of their limitations and are much more likely to use bug bounties, crowdsourced penetration testing and other external services." 

To uncover security blind spots and stay ahead of rapidly evolving cybersecurity threats, organizations across all security maturity levels can embrace crowdsourced cybersecurity to protect their attack surface and remedy vulnerabilities before they can be exploited. For more information, download the full report, Attack Surface and Vulnerability Management Assessment

Published Wednesday, November 18, 2020 3:46 PM by David Marshall
Filed under: ,
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<November 2020>
SuMoTuWeThFrSa
25262728293031
1234567
891011121314
15161718192021
22232425262728
293012345