Research reveals security leaders suffer from attack surface blindness
June 20, 2019
Newly published research, questioning more than 200 senior security leaders from organisations of all sizes, has revealed that ‘attack surface blindness’ is holding back better enterprise cyber-security posture.
The Security Leader’s Peer Report, commissioned by Panaseer and published today, has concluded that efforts to improve enterprise cyber-security posture are being hamstrung by a lack of visibility into technical assets and security controls.
The report found that some 89 percent of security leaders at large enterprises struggle with visibility and insight into trusted data, and 31 percent were understandably concerned about how this impacts upon regulatory compliance.
When asked about the assets into which they had least visibility, perhaps unsurprisingly IoT devices topped the list (20 percent). However, it may come as more of a surprise, and certainly a worry, that applications (18 percent) and privileges (15.5 percent) weren’t that far behind. Given that every “senior security leader” will inherently understand, you would hope, the importance of controlling privileged access within any security posture framework, that they appear to have relatively poor visibility into this area is of huge concern.
“They may recognise the importance of managing privileged access” Charaka Goonatilake, CTO at Panaseer, told SC Media UK, “but will likely lack the capability to gather privilege data from all the siloed systems and subsequently analyse and make sense of this data.”