Brazilian cybersecurity and IT leaders reveal ability to prevent only 59% of cyberattacks; 78% point to the cloud as their biggest source of risk; 76% say IT is more concerned with uptime than patches and remediation
Tenable, the exposure management company, today announces a study that shows the challenges that cybersecurity and IT leaders face in protecting their attack surface. The study “Old Habits Don’t Die: How People, Process and Technology Challenges are Affecting Cybersecurity Teams” reveals that in the last two years, organizations’ cybersecurity programs were prepared to preventively defend against, or block, only 59% of the cyberattacks they encountered. This means that 41% of attacks launched against Brazilian companies are successful and need to be remedied after the fact.
The study, based on a survey of 825 global cybersecurity and IT leaders, including leaders at Brazilian companies, carried out by Forrester Consulting this year on behalf of Tenable, shows how People, Process and Technology challenges stand between cybersecurity and IT teams and effective risk reduction practices.
Six out of ten (60%) respondents in Brazil say they focus almost entirely on combating successful attacks, rather than working to prevent them in the first place. Cyber professionals say this reactive stance is largely due to their organizations’ struggle to get an accurate picture of their attack surface, including visibility of unknown assets, cloud resources, code weaknesses and user rights systems.
The complexity of the infrastructure, with its reliance on multiple cloud systems, multiple identity and privilege management tools and large number of web-facing assets, brings with it many opportunities for misconfigurations and overlooked assets.
Respondents were particularly concerned about the risks associated with cloud infrastructure, given the complexity it introduces when trying to correlate user and system identities, access and rights data. 78%* see cloud infrastructure as the biggest source of exposure risk in their organization. In order, the greatest perceived risks come from the use of public cloud (28%), multiple and/or hybrid cloud (28%), cloud container management tools (12%) and private cloud infrastructure (10%).
Other findings of the study include:
- Although the majority of Brazilian respondents (66%) claim that they consider user identity and access privileges when prioritizing vulnerabilities for remediation, 56% said that their organization does not have an effective way of integrating this data into their preventive cybersecurity and exposure management practices.
- 54% say that a lack of data hygiene prevents them from extracting quality data from user access and privilege management systems, as well as vulnerability management systems.
- 72% of respondents believe that their organization would be more successful in defending itself against cyberattacks if it devoted more resources to preventive cybersecurity.
- On average, it takes 14 hours a month to create reports for business leaders on the integrity of the organizational security infrastructure.
- In 54% of Brazilian companies, meetings about business-critical systems take place once a month. For 22%, these meetings are held once a year or less.
“Last year, Brazil was the country with the highest volume of exposed data in the world. This underlines the urgency for organizations to adopt a proactive cybersecurity model. Mitigating an attack in progress, when the damage has already been done, is not only a loss of resources, but also a reminder that prevention is key. As the saying goes, ‘prevention is better than cure’ and nowhere is this truer than in cyber security today,” said Arthur Capella, country manager at Tenable Brasil. “At Tenable Brazil, we are committed to empowering organizations to strengthen their defenses, reduce exposure and promote a culture of cybersecurity resilience,” he added.
To read the full report with other findings from the study, including how organizations can face these challenges and move from a reactive security posture to a preventive approach, visit: https://pt-br.tenable.com/analyst-research/how-people-process-and-technology-challenges-are-hurting-cybersecurity-teams-in-brazil
- Forrester Consulting conducted an online survey of 825 IT and cybersecurity professionals from large companies in the USA, UK, Germany, France, Australia, Mexico, India, Brazil, Japan and Saudi Arabia. The study was carried out in March 2023.
- Maturity modelling: Respondents were scored based on their answers to questions measuring different aspects of their maturity: the use of preventive security tools, the way they prioritize resources to reduce exposure to threats and the degree of visibility and collaboration in their organization. Forrester classified the bottom 20% as low maturity, the middle 60% as medium maturity and the top 20% as high maturity.
*** Translated by DEFCONPress FYI Team ***