Cybersecurity alert fatigue is an issue that is long overdue for a real solution. The average cybersecurity team is facing a backlog of 120,561 findings and alerts awaiting review. This is a major problem for any company with a rapidly growing attack surface. Which of these possible or actual security issues poses a real threat to their organization—and what chance do they have of finding it in time?
Basic cyber hygiene measures offer effective protection against common threats such as ransomware and web application attacks—and yet data breaches continue to plague today's enterprises. Why? What's preventing security teams from carrying out the cyber hygiene basics that protect their organization? Simply put, the modern attack surface has grown too large and complex, too quickly for these teams to keep up. As a vast landscape of cyber assets generates a flood of alerts, security professionals struggle to investigate issues in a timely manner, much less work proactively to improve their security posture. Cybersecurity alert fatigue has set in, and we need to address the problem head-on.
To gain a better understanding of the situation, JupiterOne has undertaken a wide-ranging research study to examine the current state of cyber assets. Using data from the organizations that use JupiterOne's Cyber Asset and Attack Surface Management (CAASM) product, we analyzed over 370 million cyber assets, findings, and policies across almost 1,300 organizations—and found the scale of the problem to be truly overwhelming.
This blog is the first in our five-part series exploring the findings in the JupiterOne 2022 State of Cyber Assets Report.
The expanding attack surface puts organizations at risk
The enterprise technology ecosystem has been rapidly reshaped by API-first, cloud-first, and digital transformation initiatives; hybrid work models; and shadow IT. While these trends offer powerful business benefits, they come at a high cost to security. As more cyber assets enter the environment, companies increasingly face the risk of a cyberattack that starts with the exploitation of an unknown, unmanaged, or poorly managed internet-facing asset.
The 2022 State of Cyber Assets Report reveals the full scope of the challenge. The average security team is responsible for 165,633 cyber assets, including:
- 28,872 cloud hosts
- 12,407 network interfaces
- 55 applications per human employee
- 59,971 data assets (including 3,027 secrets), and
- 35,018 user assets.
It's not just the sheer number of assets that matters. Understanding the relationships among them—does this user have access to an Amazon Web Services (AWS) environment? Does this IoT device connect to critical production systems?—is critical to assessing and limiting the blast radius of a potential compromise. Maintaining an accurate and timely inventory of cyber assets and relationships across a complex, ever-changing environment can be immensely challenging, but without it, SecOps teams are flying blind.
Meanwhile, security teams face a relentless flurry of alerts and findings. While some might call for major engineering work to resolve, many more will require no action—but must still be examined individually. Over the course of days, weeks, and months, even dedicated professionals become burned out and liable to human error.
Helping security teams beat cybersecurity alert fatigue
With cybersecurity talent in short supply—and priced at a premium—organizations need to help their existing teams become more efficient, productive, and proactive. This requirement has driven the rise of CAASM solutions, which enable organizations to discover and view all of their assets, internal and external, known and unknown, and the relationships among them. With this understanding and visibility, organizations can improve detection and response, close security gaps, and avoid compliance drift. During a security event, they can determine the blast radius of a compromised asset, then respond more quickly and effectively to the breach.
In our next blog, we'll look at the findings of the JupiterOne 2022 State of Cyber Assets Report on the state of cybersecurity skills training.