A substantial 82% of companies have reported a widening gap between security exposures and their ability to manage them.
The figure comes from XM Cyber’s 2024 State of Security Posture Report, which offers insights from a survey of 300 Chief Information Security Officers (CISOs) and security decision-makers from major US and UK organizations.
Published on January 9, 2024, the report explores how organizations are approaching cybersecurity challenges, shedding light on trends and issues within the industry.
“The report corresponds with what we are seeing from organizations, especially in the gap between the number of vulnerabilities and their ability to remediate them,” commented John Gallagher, vice president of Viakoo Labs at Viakoo.
According to the executive, the lack of an appropriate remediation solution tailored to the specific threat type is the root cause for most organizations facing this issue.
“For example, agent-based IT remediation solutions will not work for IoT environments that require agentless solutions, yet IoT is one of the fastest growing parts of the attack surface,” Gallagher added.
Another key trend identified is the increased commitment to remediation efforts, with 87% of surveyed organizations planning to enhance vulnerability and exposure remediation within the next year.
Despite this commitment, challenges such as a shortage of skilled personnel and burdened security teams persist, with 62% of IT and security teams actively engaged in remediating an average of 12 exposures per week.
“This is a reflection on how threat actors are using new attack vectors that organizations have not yet mounted effective defenses against, and the lack of automated remediation solutions,” Gallagher explained.
The survey also suggests outdated legacy systems compound the challenges, emphasizing the need for a new approach to align older systems with emerging threats.
Another notable theme is the focus on cloud-centric security concerns, with 45% of organizations prioritizing the cloud for enhancing their security posture.
Yet, nearly half of the organizations surveyed manage exposures separately for on-premises and hybrid cloud environments, suggesting a need for integrated cybersecurity strategies.
The report also points out communication and organizational alignment challenges, emphasizing the importance of conveying security posture effectively to leadership.
“If there is a positive message from this report, it is in how multiple constituencies are focused on vulnerability remediation and pushing organizations to improve,” Gallagher concluded.
“Not only the board of directors and management, but also compliance regulations, cyber insurance and customer requirements are driving increased remediation focus.”