Attack surface management is critical but few organizations do it well
Organizations mostly monitor what they already know about, leaving unknown assets unprotected and open to attackers
CyCognito announced new research in partnership with Enterprise Strategy Group (ESG) that revealed most security professionals recognize that attack surface protection is important, but their operational practices and tools used aren’t up to the challenge.
The new report, Gaps in Attack Surface Monitoring and Security Testing for Cyber-risk Mitigation, was based on a survey of 200 cybersecurity and IT professionals who are directly involved with their organization’s cybersecurity strategies, controls, and operations. Respondents came from companies with at least 4,000 employees in industries like technology, manufacturing, financial services, and healthcare, among others. According to 98 percent of survey respondents, attack surface monitoring is a “Top 10” security priority at organizations. But that positive perspective belies what is actually being done. A deeper analysis of survey responses reveals significant gaps across attack surface monitoring coverage and cadence.