"Eliminating 2% of Exposures Could Protect 90% of Critical Assets"

According to researchers at XM Cyber, only 2% of all exposures give attackers seamless access to critical assets, while 75% of exposures along attack paths lead to “dead ends.” The researchers analyzed over 60 million exposures across more than 10 million entities, on-premises and in the cloud, during the study. They discovered that 71% of organizations have exposures in their on-premises networks that put their critical assets in the cloud at risk. Once attackers are in the cloud, 92% of critical assets become vulnerable. The researchers noted that once attackers infiltrate cloud environments, it is easy for them to compromise assets. They stated that cloud security is not yet mature, and that many security teams don’t fully understand which security issues they need to look for. The researchers also found that the average organization has 11,000 exploitable security exposures each month, with techniques targeting credentials and permissions affecting 82% of organizations and exploits accounting for over 70% of all identified security exposures. The researchers advised that, instead of focusing on a list of 20,000 vulnerabilities to address, organizations should identify the quickest wins in their external-facing infrastructure and then work to reduce the scope of permissions that their user and service accounts have. Reducing the number of systems that users can access reduces the risk of those credentials being abused in later stages of an attack, and the practice becomes more effective when multi-factor authentication and device health attestation are stacked on top of it.

 

Infosecurity reports: "Eliminating 2% of Exposures Could Protect 90% of Critical Assets"

Submitted by Anonymous on