CORRECTION -- Survey Reveals that Half of U.S. Enterprises Have Immature External Attack Surface Management Programs Despite 90% Indicating Increases in Impactful Incidents

66% of Respondents Claim Only Nominal Effectiveness with Current Threat Intelligence Tools

IRVINE, Calif., Oct. 09, 2024 (GLOBE NEWSWIRE) -- In a release issued earlier, the link to the webinar should have been http://www.tacitred.com/asm24webinar/. The corrected release follows:

TacitRed today announced new survey findings in its "2024 State of Attack Surface Intelligence report.” The research, conducted by Cybersecurity Insiders, a community membership of over 600,000 information technology (IT) security professionals, found that half of U.S. enterprises have immature external attack surface management (EASM) programs despite nearly all respondents indicating an increase in impactful attack surface incidents. Organizations are investing in new technologies and applications to drive digital transformation, but in doing so, have enabled cyber adversaries means to exploit external attack surface exposures.

The 2024 Attack Surface Threat Intelligence report, which aimed at getting a better understanding of the key cyber security microtrends impacting businesses today, provides insights into the challenges, advances, maturity, and best practices for managing external attack surface risk. A findings summary infographic can be downloaded at www.tacitred.com/asm2024inf. To obtain the full report, visit www.tacitred.com/asm2024rpt.

"Given increased threats, operational deficiencies, and limited resources, the survey results underscore ample room for growth in maturing the people, processes, and tools necessary for effective EASM,” said Holger Schulze, CEO and founder of Cybersecurity Insiders. "Organizations should evaluate how to move beyond inconsistent and reactive measures and invest in more efficient, proactive, and responsive approaches to attack surface management to enhance their overall cyber posture and resiliency.”

Attack Surface Intelligence Insights and Challenges

Findings indicate that changes in attack surface infrastructure and external-originated incidents are steadily growing, but current tools are not effectively serving security operations teams. include:

90% of organizations experienced an increase in impactful attack surface incidents.84% of respondents expressed attack surface dynamics contributing to security incidents.Over a third of respondents expressed challenges of coping with too much threat noise (39%) and poor threat intelligence (37%) - contributing to analyst burnout, missed detections, and delayed response.Similarly, more than half of respondents (66%) claimed only nominal usefulness in their attack surface threat intelligence tools while 40% expressed challenges in identifying third-party exposures, maintaining accurate internet-facing asset inventory, and detecting active threats.Security analysts were a third less positive about tools supporting EASM programs compared to senior management - indicating a gap between tool perception and hands-on efficacy.  

EASM Programs Lack Maturity, Not Budget  

The maturity of EASM programs varies significantly across organizations. Nearly 50% of respondents report that their programs are in the early stages of development, either in the Initial or Repeatable phases, where risk management remains unstructured and reactive. Only 33% of respondents are in more advanced stages of maturity, having more defined, automated, and optimized capabilities. Technology and healthcare industries claim slightly (10%) stronger maturity compared to government and financial services organizations.

Large organizations (over 2,500 employees) appear twice as likely to have mature programs than smaller organizations - which may be attributed to having more resources and investment. Fortunately, budgets for EASM programs are on the rise with 90% expecting increased investment in EASM tools and threat intelligence. 40% of respondents anticipate a budget increase over 20% compared to the previous year. The findings have major implications for EASM providers as organizations seek to improve processes and evaluate new technologies to address operational gaps.

Additional findings include:

90% of organizations experienced an increase in impactful attack surface incidents Smaller companies ( Read The Rest at :