Only 2% of all exposures provide seamless access to critical assets, while 75% of exposures along assault paths lead to “dead ends.”
The findings originate from XM Cyber’s most recent report, which analyzed over 60 million exposures in over 10 million on-premise and cloud-based entities.
New research conducted in collaboration with the Cyentia Institute indicates that 71% of organizations have vulnerabilities in their on-premises networks that place their cloud-based critical assets at risk. 92% of essential assets become vulnerable once there
Once attackers infiltrate cloud environments, compromising assets is simple. Zur Ulianitzky, vice president of research at XM Cyber, remarked, “Cloud security is not yet mature, and many security teams do not fully comprehend what security issues they should be looking for.”
In addition, the report reveals that the average organization has 11,000 exploitable security vulnerabilities per month, with techniques targeting credentials and permissions affecting 82% of organizations and exploits accounting for over 70% of all identified security vulnerabilities.
Ulianitzky added, “Challenges also arise from how cloud identities and permissions are (mis)managed.” “Moving forward, organizations must rethink their security approach to ensure the protection of all identities, systems, and interdependencies between them.”
The XM Cyber research also found that most security warnings do not threaten vital assets.
“Instead of focusing on a list of 20,000 vulnerabilities to address, focus on identifying the quickest wins in your external-facing infrastructure, and then work to reduce the scope of permissions that your user and service accounts have,” said Melissa Bischoping, director of endpoint security research at Tanium.
By limiting the number of systems to which a user has access, you reduce the likelihood that their credentials will be exploited in later stages of an attack. Multi-factor authentication and device health attestation enhance the effectiveness of this practice.
The XM Cyber report was published weeks after a Microsoft white paper suggested that only 1% of cloud permissions are actively used.