Axonius released its 2021 Cybersecurity Asset Management Trends report,
which reveals the extremes to which the pandemic escalated lack of
visibility into IT assets and how that is impacting security priorities.
According to the study conducted by Enterprise Strategy Group (ESG),
organizations report widening visibility gaps in their cloud
infrastructure (79%, which was a 10% increase over 2020), end-user
devices (75%), and Internet of Things (IoT) device initiatives (75%),
leading to increased risk and security incidents. However, around nine
out of 10 respondents report that automating IT asset visibility could
materially improve a variety of security operations.
"Collectively,
these assets represent an attack surface that organizations must
protect against an ever-expanding threat landscape used by adversaries
to compromise infrastructure and carry out malicious activities," said
Dave Gruber, ESG senior analyst. "When IT and security teams lack
visibility into any part of their attack surface, they lose the ability
to meet security and operational objectives, putting the business at
risk. In some cases, organizations were reporting 3.3 times more
incidents caused by lack of visibility into IT assets."
The report, titled "The Current State of the IT Asset Visibility Gap and Post-Pandemic Preparedness,"
explores the impact that the pandemic has had on IT complexity and
security, and explains the challenges that lie ahead. It also reveals
how automating asset management can close visibility gaps caused by the
rapid shift to remote work, IoT adoption, and accelerated digital
transformation.
"This
year's survey once again reinforces that lack of visibility into assets
is one of the most critical challenges facing every organization today.
Building a comprehensive inventory remains a slow, arduous, often
inadequate process, and as a result, more incidents are occurring," said
Dean Sysman, Axonius CEO. "However, automating cybersecurity asset
management can dramatically improve security and compliance efforts.
According to the study, eliminating visibility gaps results in a 50%
reduction in end-user device security incidents."
Organizations Plagued by Pandemic-Driven IT Complexity
More
than 70% of respondents report that additional complexity in their
environments has contributed to increasing visibility gaps. More than
half cite the rapid shift to remote work and changes to technology
infrastructure necessitated by security and privacy regulations as key
reasons for this increased complexity.
Nearly
90% of respondents say that the pandemic has accelerated public cloud
adoption. The study also reveals that the majority of organizations have
suffered more than five cloud-related security incidents in the last
year. Half of the respondents report visibility and management
challenges with public cloud infrastructure, mostly associated with data
spread across different tools, clouds, and infrastructure.
Participants
also anticipate a 74% increase in remote workers, even after pandemic
restrictions lift. This requires organizations to develop long-term
operating and security plans for hybrid work environments so that IT and
security teams do not remain blind to the personal networks and devices
supporting remote employees.
Although
organizations furloughed many IoT projects during the pandemic, they
may not be prepared when these initiatives reignite. Only 34% report
they have a strong strategy for maintaining IoT device visibility, while
62% report facing continued challenges with the variety of devices in
use.
Remote Work Shifts Priorities and Resources
The
rapid move to remote work motivated a significant change in
bring-your-own-device (BYOD) policies for 94% of organizations.
Pre-pandemic, close to half of the organizations surveyed prohibited
using personal devices for corporate activities, but this number has
fallen to 29% in this year's study, adding new management and security
challenges.
As
device diversity increases, IT and security teams are putting more
focus on identity and access management (IAM) solutions, with 65%
reporting that IAM is more challenging. And security teams are facing
increased workloads for investigations, with incidents on the rise.
Investment in Asset Management on the Rise
Organizations
depend on an average of eight different tools to pull together asset
inventories while reporting intensive, manual processes to pull together
the data. On average, it takes more than two weeks to generate an asset
inventory, utilizing a combination of tools that weren't built for this
task, including endpoint management and security tools, network access
controls, network scanning, configuration and patch management, and
vulnerability assessments.
With
this kind of effort, nearly two-thirds (64%) report asset inventory as
an event versus a process, only updating inventories monthly or
quarterly. This cadence leaves significant visibility gaps in between,
resulting in unmeasurable business risk, and takes away from other
priority tasks, such as vulnerability assessments and improved threat
investigations and response. Fortunately, realizing the critical
importance, more than 80% report plans to increase investments this year
to combat the problem.