Many organizations are struggling to manage key security projects while being overwhelmed with volumes of alerts, increasing cyber threats and growing attack surfaces, a new report by asset visibility specialist Armis said.
Compounding that problem is a tendency by an organization’s top brass to miss hidden risks associated with digital transformation projects and compliance regulations, leading to a false sense of confidence in their awareness of these vulnerabilities, Armis said.
As Curtis Simpson, Armis chief information security officer, explained:
“A lot of progress has been made in bringing awareness and insights to organizations about the threats posed by different device types and threat actors. However, teams are struggling to effectively consume these insights in an agile manner, let alone prioritize tactical and strategic efforts with the greatest business value. The strategy of applying best practices at scale to every asset, everywhere with limited business context is no longer viable nor is it what businesses need today."
IT Leaders Describe Security Challenges
The Armis study comprised some 230 senior IT decision-makers from organizations with 500-plus employees. IT pros from the manufacturing, government, healthcare, financial services, retail and telecommunications industries identified five of the biggest challenges they face:
- Keeping up with threat intelligence (70%)
- Allocating cybersecurity resources and budget (47%)
- Visibility into all assets connected to the network (44%)
- Compliance and regulation (39%)
- Convergence of IT and OT (32%)
More Key Findings From the Study
On asset visibility:
- 94% of respondents said they had a live view of all their connected assets yet when asked how often they updated the inventory, 46% said weekly, 30% said daily, 15% said monthly and 5% said quarterly.
- When asked how many devices they think are on their organization’s network, 34% said 5,000 - 15,000, 29% said 15,001-25,000, 26% said 25,001-35,000, and 10% said 35,001-plus.
- According to proprietary data from the Armis Asset Intelligence and Security Platform collected between January 1 and March 27, 2023, 60% of Armis' U.S. customer base has more than 35,000 devices on their network, while nearly a third (32%) have more than 100,000 network devices.
- 64% of respondents said they had suffered a breach or ransomware attack in the last five years; 43% said it had been caused by employee phishing and 26% as a result of an IoT device hack.
- 20% of respondents said that they had suffered a breach due to a known vulnerability that had not been patched, while 12% indicated the breach was caused by an unpatched device.
- 62% of respondents registered growing concern over the threat of China-made devices in their network. However, respondents consistently ranked connected Chinese or Russian-made devices last in a list of 10 cybersecurity challenges their organization experienced over the past six months.
- With the escalation in nation-sponsored cyberwarfare and given guidance from CISA, 76% of respondents stated that they will prioritize gaining full visibility into their organization’s attack surface.
- Nearly half (48%) of respondents still use spreadsheets, like Excel or Google Sheets, to track their connected asset inventory, with 55% saying they use multiple tools.
- 6% of respondents admitted that they do not actively track unmanaged devices that are connected to their organization’s networks.
- 21% of respondents said they only monitor corporate devices.
- 33% of respondents also stated that they had 10 or more different tools to monitor their asset landscape, with 58% saying they used 5-10 different tools.
On the network:
- 83% of respondents expect to connect non-traditional devices, like operational technology (OT), to their corporate network in 2023.
- Respondents ranked in order of priority the importance of securing network infrastructure equipment such as routers, switches (38%), personal devices such as laptops, mobile phones (28%), IoT devices (25%), building systems like HVAC (24%) and lastly medical.
3 Key Steps to Greater Security
Offering advice for IT practitioners, Simpson concluded:
“Organizations need to think about their cyber/tech resiliency strategy in three key steps. First, they need a single source of asset truth across every device that is connected to their network, not just the managed devices.
"Second, visibility provides clarity into the technical and operational debt with the greatest potential for business impact and then lastly, action the intelligence so the technology environment can be optimized in support of resiliency.
"Regularly repeat the final two steps to ensure a continued focus on what is most likely to disrupt critical business operations and strategies.”