The 2020 State of Enterprise Security Posture Report published findings that are concerning for the overall cybersecurity of organizations. It reports that cybersecurity teams are struggling with key security controls necessary for a robust cybersecurity posture. Besides lacking some key security controls, many organizations have inadequate visibility into threats, endpoint devices, and access privileges.
Regarding the level of confidence organizations have about their security posture, 64% said they are somewhat confident in their security posture.
Inadequate security visibility was an issue for 46% of respondents. They found it difficult to differentiate between vulnerabilities that posed real threats and ones that did not.
According to respondents, the top five security threats organizations are concerned about are:
- Phishing, web and ransomware (89%)
- Unpatched systems (53%)
- Misconfigurations (47%)
- Identity and access management (41%)
- Password issues (33%)
The top five risk areas organizations have continuous visibility into are:
- Unpatched systems (68%)
- Identity and access management (59%)
- Phishing, web and ransomware (48%)
- Password issues (46%)
- Asset inventory (44%)
Lack of visibility into phishing risk is a major problem for organizations of all sizes. Phishing targets users with malicious emails and websites. 89% of organizations state that phishing is their greatest area of risk. However, only 48% of them have adequate visibility into phishing risk.
The majority of respondents experience inventory blind spots, which negatively impacts their security posture and can create serious risks as well. Only 40% of organizations are aware of 75% or more of their assets, along with business criticality and categorization. 83% of organizations note that they have at least 50% asset coverage. They have a rough estimate of their assets, but spotty coverage when it comes to business criticality and categorization.
Excessive access privileges are an issue: 80% of organizations provide users with more access privileges than necessary.
52% of cybersecurity leaders are settling for “okay” board or senior management presentations when communicating about the organization’s security posture. However, only 13% feel they’ve nailed it and senior management has understood the security situation.
The report is based on the results collected from an extensive online survey of 372 IT and cybersecurity professionals in the U.S. The respondents range in career level, company size, and industry.