Survey Shows Half of U.S. Enterprises Struggle with Underdeveloped External Attack Surface Management Programs, Even as 90% Report Rise in Significant Incidents

Threat Intelligence
Survey Shows Half of U.S. Enterprises Struggle with Underdeveloped External Attack Surface Management Programs, Even as 90% Report Rise in Significant Incidents

Published:

Reading time: 3 min.

The State of Threat Intelligence Tools: A Call for Improvement

In a rapidly evolving digital landscape, the effectiveness of cybersecurity measures is under scrutiny. A recent survey conducted by Cybersecurity Insiders and released by TacitRed highlights a concerning trend: 66% of respondents claim that their current threat intelligence tools offer only nominal effectiveness. This statistic raises critical questions about the state of external attack surface management (EASM) programs and the tools that support them.

The Growing Threat Landscape

The findings from the "2024 State of Attack Surface Intelligence report" reveal a stark reality for organizations across the United States. Nearly 90% of organizations reported an increase in impactful attack surface incidents, indicating that cyber threats are not only persistent but also escalating in severity. As businesses invest in new technologies to drive digital transformation, they inadvertently expand their attack surfaces, providing cyber adversaries with more opportunities to exploit vulnerabilities.

Immaturity in EASM Programs

Despite the increasing threat landscape, the survey found that 50% of U.S. enterprises have immature EASM programs. Many organizations are still in the early stages of development, characterized by unstructured and reactive risk management approaches. Only 33% of respondents reported having more advanced, automated, and optimized capabilities. This lack of maturity is alarming, especially given the growing number of incidents attributed to external-originated attacks.

Holger Schulze, CEO and founder of Cybersecurity Insiders, emphasized the need for organizations to evolve beyond inconsistent and reactive measures. He stated, "The survey results underscore ample room for growth in maturing the people, processes, and tools necessary for effective EASM." This sentiment resonates with the pressing need for organizations to adopt more proactive and responsive strategies to enhance their overall cybersecurity posture.

Challenges with Current Tools

The survey results paint a troubling picture regarding the efficacy of existing threat intelligence tools. A significant 66% of respondents rated their attack surface intelligence tools as only nominally useful. This dissatisfaction is compounded by the challenges security teams face in managing the overwhelming amount of threat noise and poor-quality intelligence. Specifically, 39% of respondents reported difficulties coping with excessive threat noise, while 37% cited poor threat intelligence as a contributing factor to analyst burnout and delayed responses.

Moreover, 40% of respondents expressed challenges in identifying third-party exposures and maintaining an accurate inventory of internet-facing assets. This gap between tool perception and hands-on efficacy is particularly concerning, as security analysts were found to be a third less positive about their tools compared to senior management. This disconnect highlights the need for organizations to critically evaluate the tools they employ and seek solutions that genuinely enhance their security operations.

Budget Increases and Future Directions

Despite the challenges, there is a silver lining: 90% of organizations anticipate increased investment in EASM tools and threat intelligence. Notably, 40% expect their budgets to grow by over 20% compared to the previous year. This trend indicates a recognition of the need for improved processes and technologies to address operational gaps in cybersecurity.

Interestingly, larger organizations (those with over 2,500 employees) are twice as likely to have mature EASM programs compared to their smaller counterparts. This disparity can be attributed to the greater resources and investments available to larger enterprises. However, the findings suggest that all organizations, regardless of size, must prioritize the development of robust EASM programs to mitigate risks effectively.

The Path Forward

As organizations navigate the complexities of the modern threat landscape, the need for effective attack surface management becomes increasingly critical. The survey findings underscore the importance of adopting a multi-source, curated, and prioritized approach to threat intelligence. 65% of professionals expressed a desire for such intelligence, indicating a clear demand for tools that can deliver actionable insights.

Furthermore, the anticipated convergence of security tools and the application of Generative AI are expected to positively impact EASM programs. By leveraging advanced technologies, organizations can enhance their threat responsiveness and improve asset inventory accuracy, ultimately strengthening their cybersecurity posture.

Conclusion

The findings from the "2024 State of Attack Surface Intelligence report" serve as a wake-up call for organizations to reassess their cybersecurity strategies and tools. With 66% of respondents finding their threat intelligence tools nominally effective, there is a pressing need for improvement. As cyber threats continue to evolve, organizations must invest in mature EASM programs and adopt proactive measures to safeguard their digital assets. The future of cybersecurity depends on our ability to adapt, innovate, and respond effectively to the challenges that lie ahead.

Related articles

Recent articles

Latest news

© 2024 BasicFundas.com [ CYBERSECURITY NEWS UPDATES ] All Rights Reserved.