How to tackle cybersecurity debt

April 13, 2022

When the COVID-19 pandemic accelerated digital expansion, many businesses introduced new technology without building in cybersecurity controls from the start.

The CyberArk 2022 Identity Security Threat Landscape Report found that security professionals agree — recent organization-wide digital initiatives have come at a price. The report surveyed 1,750 cybersecurity decision-makers, highlighting their experiences over the past year in supporting their organizations’ expanding digital initiatives.

Increasing levels of cybersecurity debt

While security programs have expanded, they have not kept pace with organizations’ operational and business growth investments. This has created cybersecurity debt, which emerged through not properly managing and securing access to sensitive data and assets. According to the report, a lack of identity management controls has increased enterprise risk.

The cybersecurity debt is compounded by the recent rise in geopolitical tensions, which have reinforced the need for heightened awareness of the physical consequences of cyberattacks, especially on critical infrastructure:

Seventy-nine percent of report respondents agree that their organization prioritized maintaining business operations over ensuring robust cybersecurity in the last 12 months.
Less than half (48%) have identity security controls in place for their business-critical applications.

How to fight cybersecurity debt

Transparency: 85% of respondents say that a Software Bill of Materials would reduce the risk of compromise stemming from the software supply chain.
Manage sensitive access: The top three measures that most chief information officers (CIOs) and chief information security officers (CISOs) have introduced are real-time monitoring and analysis to audit privileged session activity; least privilege security and zero trust principles on infrastructure that runs business-critical applications; and processes to isolate business-critical applications from internet-connected devices to restrict lateral movement.

For more report insights, click here.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

Security departments have long struggled to bring their real-time voice communications into the present, resorting to communicating with radios, unsecure applications, multiple devices, and Wi-Fi-only solutions.

Poll

Business Travel Security

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

How to tackle cybersecurity debt

Increasing levels of cybersecurity debt

How to fight cybersecurity debt

Recent Articles by Security Staff

(ISC)² to offer 100,000 free entry-level cyber certification exams

SIA opens Women in Security scholarship applications

Allied Universal acquires company serving Southeastern US

9 in 10 companies attacked by ransomware would pay if hit again

93% of orgs have suffered a data-related business disruption

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

How to tackle cybersecurity debt

Increasing levels of cybersecurity debt

How to fight cybersecurity debt

Recent Articles by Security Staff

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.