CybersecurityManagementSecurity NewswireSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceCybersecurity News

How to tackle cybersecurity debt

By Security Staff
cyber security
April 13, 2022

When the COVID-19 pandemic accelerated digital expansion, many businesses introduced new technology without building in cybersecurity controls from the start.

The CyberArk 2022 Identity Security Threat Landscape Report found that security professionals agree — recent organization-wide digital initiatives have come at a price. The report surveyed 1,750 cybersecurity decision-makers, highlighting their experiences over the past year in supporting their organizations’ expanding digital initiatives.

Increasing levels of cybersecurity debt

While security programs have expanded, they have not kept pace with organizations’ operational and business growth investments. This has created cybersecurity debt, which emerged through not properly managing and securing access to sensitive data and assets. According to the report, a lack of identity management controls has increased enterprise risk.

The cybersecurity debt is compounded by the recent rise in geopolitical tensions, which have reinforced the need for heightened awareness of the physical consequences of cyberattacks, especially on critical infrastructure:

  • Seventy-nine percent of report respondents agree that their organization prioritized maintaining business operations over ensuring robust cybersecurity in the last 12 months.
  • Less than half (48%) have identity security controls in place for their business-critical applications.

How to fight cybersecurity debt

  • Transparency: 85% of respondents say that a Software Bill of Materials would reduce the risk of compromise stemming from the software supply chain.
  • Manage sensitive access: The top three measures that most chief information officers (CIOs) and chief information security officers (CISOs) have introduced are real-time monitoring and analysis to audit privileged session activity; least privilege security and zero trust principles on infrastructure that runs business-critical applications; and processes to isolate business-critical applications from internet-connected devices to restrict lateral movement.

For more report insights, click here.

KEYWORDS: cyber security initiatives enterprise cyber security identity (ID) management risk analysis software as a service (SaaS)

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Related Articles

Related Products

See More ProductsSee More Products

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!