• Home
  • About Us
  • Authors
  • Submit News
  • Contact Us
  • Privacy Policy
  • Sitemap
The Hack Post
  • Hacking News
    • Cyber Crime
  • Cyber Security
  • Technology
    • Internet
  • Entertainment
    • Gaming
  • Business
  • Science / Health
No Result
View All Result
The Hack Post
No Result
View All Result

Making Sense of the Chronic Unpreparedness of Many Organizations Against New Cyber Threats

Sofia Peterson by Sofia Peterson
June 7, 2022
Making Sense of the Chronic Unpreparedness of Many Organizations Against New Cyber Threats
Share on FacebookShare on Twitter

Research firm ThoughtLab recently announced the results of its 2022 cybersecurity benchmarking study called “Cybersecurity Solutions for a Riskier World.” Dubbed the world’s largest cybersecurity benchmarking, the study went in-depth into the cybersecurity strategies of 1,200 major organizations in over a dozen sectors across 16 countries. Representing the state of how over $125.2 billion in annual cybersecurity spending is utilized, the study reveals the low confidence of top executives in their organizations’ ability to confront new threats.

The study found that 40 percent of Chief Information Security Officers (CISOs) believe that their respective organizations are not ready to deal with the fast pace of changes in the cyber threat landscape. This may be unsurprising given that this finding is not that different from what other similar smaller studies have discovered over the past couple of years. Still, it is an issue worth examining countless times to drive the point that the current state of cybersecurity affairs does not have to stay as-is.

Can organizations be ready?

Before discussing the reasons why organizations have a hard time preparing for the modern cyber threats confronting them, here’s an important point to make: it is not impossible to be ready for the threats. As mentioned, only around 40 percent express a lack of confidence in their cyber threat preparedness. Even assuming that a significant number of those surveyed were just being overconfident, it would be a stretch to say that the overwhelming majority of organizations are completely defenseless against cyberattacks.

If cybercriminals are relentless, security firms are similarly determined to combat the threats. They continue to develop new technologies or solutions to address the increasing aggressiveness and sophistication of attacks. Extended security posture management (XSPM), for one, was developed to keep up with the ever-evolving nature of cyberattacks. It expands conventional cybersecurity by adding automation, analytics, insights, and access to systematic threat modeling and the most up-to-date threat intelligence.

While there are surveys that show that around three-quarters of organizations suffered at least one cyberattack over the past year, this does not mean that this overwhelming majority have been unprepared to deal with the problem. Most have survived or properly mitigated the problem after they were attacked. It would be irrational to expect absolute protection. There will be possibilities of failures, but organizations can indeed be ready to address highly aggressive and complex attacks.

Why many remain unprepared

From the number of respondents who admitted that their organizations were not ready for rapidly changing threats, the following numbers are worth noting:

  • 44 percent said that the reason is the complexity of supply chains.
  • 41 percent pointed to the fast pace of digital innovation as the reason.
  • 28 percent said the reason is the inadequate cybersecurity budget.
  • 28 percent said that the absence of executive support is to blame
  • 24 percent attributed the problem to the shortage of cybersecurity talent
  • 25 percent blamed the convergence of digital and physical assets

There is nothing shocking or new in these reasons. The growing complexity of (software) supply chains claims at least one high-profile victim: SolarWinds. The perpetrators of the SolarWinds attack reportedly knew the details of how the SolarWinds software build process worked. This knowledge allowed them to come up with an inconspicuous way to insert malicious code during the software compilation stage.

If an organization as big as SolarWinds failed to notice the attack on its software supply chain, it would not be surprising to see smaller and less financially capable organizations faring worse. They do not have enough cybersecurity budget to acquire the most effective security solutions and hire security experts who could come up with protocols, policies, and measures that would keep cyber threats and risks in check.

Adjusting to more complex environments because of rapid technological innovation and the intermingling of digital and physical assets is going to be a daunting challenge for many organizations. Their limited budgets and cybersecurity expertise makes it difficult to be proactive and forward-looking, especially when they have many other crucial concerns to attend to.

Recommendations on improving cyber threat readiness

The ThoughtLabs security benchmarking study provided a list of best practices to help organizations in improving their preparedness for emerging threats. Interestingly, most of the recommendations support the idea of moving towards extended security posture management.

For instance, the study advises organizations to adopt a rigorous risk-based approach that involves advanced quantitative analysis of risk impacts. XSPM features a threat alert prioritization scheme that assigns scores for the different risks to make it easy for cybersecurity teams to see the most urgent concerns. These scores and threat prioritization ensure that the large volume and frequency of security alerts do not drown important notifications into obscurity.

The study also tells organizations to take advantage of the latest technologies while not falling into the product proliferation trap (the inefficient use of too many security products). It is not uncommon for organizations to employ a mix of solutions for different security needs. This can be an issue, though, as it becomes difficult to keep track of numerous security controls, particularly the security data they generate. With extended security posture management, all these different solutions can be brought together under a single dashboard or interface that makes monitoring and response easier and more efficient.

Another noteworthy recommendation is on harnessing intelligent automation. The study indicates that automation has helped CISO’s achieve better cybersecurity results. Around 30 percent of organizations that saw outstanding dwell times made use of smart automation. Automation is a key feature of extended security posture management since it employs breach and attack simulation (BAS) as well as advanced purple teaming.

Additionally, the ThoughtLabs study suggests making improvements in the security controls for expanded attack surfaces in view of the widening of attack surfaces due to remote working arrangements, cloud migration, and greater supply chain complexity, and overall digital transformation. This guidance aligns with XSPM’s emphasis on better attack surface management.

Moreover, the study highlights the need for organizations to take cybersecurity maturity to the highest level. This entails the adoption of advanced cybersecurity frameworks such as the NIST framework. Extended security posture management also relies on a well-known security framework called MITRE ATT&CK, which shares the latest threat modeling and threat intelligence to organizations worldwide to facilitate a more organized and effective approach in detecting, preventing, and mitigating the latest adversarial tactics and techniques.

In summary

It is possible to improve cyber threat preparedness and fare better when cyber-attacks happen. It is not going to be a walk in the park, but the information, resources, tools, and platforms to achieve better readiness in dealing with the new era of cyberattacks are already available. Organizations just need to learn how to prioritize their resources and exert the time and effort to learn more about the new solutions designed to better respond to more aggressive and sophisticated attacks.

Sofia Peterson

Sofia Peterson

Sofia is a contributor at The Hack Post who loves to write about Technology. She also enjoys reading books and swims during her free time.

Next Post
How to choose a good router:modem?

How to choose a good router/modem?

Latest Articles

Zen Your Condo Tips for a Tranquil Space
Business

Zen Your Condo: Tips for a Tranquil Space

May 8, 2025
4 Hobbies for Introverts
news

4 Hobbies for Introverts

May 3, 2025
5 Benefits of Living in a Condo for Professionals
news

5 Benefits of Living in a Condo for Professionals

April 22, 2025
Are German Proxies Legal? The Complete 2025 Guide
Technology

Are German Proxies Legal? The Complete 2025 Guide

April 16, 2025
5 Ideas for Your Condo Console Gaming Setup
news

5 Ideas for Your Condo Console Gaming Setup

April 11, 2025
5 Creative Ideas to Level Up Your Condo Gaming Room
news

5 Creative Ideas to Level Up Your Condo Gaming Room

March 30, 2025
6 Helpful Tips when Moving with Your Pet
news

6 Helpful Tips when Moving with Your Pet

March 19, 2025
Enhancing Security Measures for A Seamless Mobile Trading Experience
Technology

Enhancing Security Measures for A Seamless Mobile Trading Experience

March 19, 2025
5 Ways Condos Support Health-Conscious Living
Science / Health

5 Ways Condos Support Health-Conscious Living

March 8, 2025
The Future of Mobile Gaming 5G, Al, and Cloud Inclusion
Entertainment

The Future of Mobile Gaming: 5G, Al, and Cloud Inclusion

February 21, 2025
Leveraging Digital Twins for Cost-Effective Decarbonisation and Avoiding Stranded Assets
Technology

Leveraging Digital Twins for Cost-Effective Decarbonisation and Avoiding Stranded Assets

February 20, 2025
Condo Bedroom Design Tips for Better Sleep
news

Condo Bedroom Design Tips for Better Sleep

February 13, 2025
  • Home
  • About Us
  • Authors
  • Submit News
  • Contact Us
  • Privacy Policy
  • Sitemap

The Hack Post © 2019

No Result
View All Result
  • Hacking News
    • Cyber Crime
  • Cyber Security
  • Technology
    • Internet
  • Entertainment
    • Gaming
  • Business
  • Science / Health

The Hack Post © 2019