Expanding Attack Surface and Cybersecurity Alert Fatigue Hinder Cyber Hygiene Basics

Cybersecurity alert fatigue is an issue that is long overdue for a real solution. The average cybersecurity team is facing a backlog of 120,561 findings and alerts awaiting review. This is a major problem for any company with a rapidly growing attack surface. Which of these possible or actual security issues poses a real threat to their organization—and what chance do they have of finding it in time?

Basic cyber hygiene measures offer effective protection against common threats such as ransomware and web application attacks, and yet data breaches continue to plague today's enterprises. Why? What's preventing security teams from carrying out the cyber hygiene basics that protect their organization? Simply put, the modern attack surface has grown too large and complex, too quickly, for these teams to keep up. As a vast landscape of cyber assets generates a flood of alerts, security professionals struggle to investigate issues in a timely manner, much less work proactively to improve their security posture. Cybersecurity alert fatigue has set in, and we need to address the problem head-on.

To gain a better understanding of the situation, JupiterOne has undertaken a wide-ranging research study to examine the current state of cyber assets. Using data from the organizations that use JupiterOne's Cyber Asset and Attack Surface Management (CAASM) product, we analyzed over 370 million cyber assets, findings, and policies across almost 1,300 organizations, and found the scale of the problem to be truly overwhelming.

This blog is the first in our five-part series exploring the findings in the JupiterOne 2022 State of Cyber Assets Report.

The expanding attack surface puts organizations at risk

The enterprise technology ecosystem has been rapidly reshaped by API-first, cloud-first, and digital transformation initiatives; hybrid work models; and shadow IT. While these trends offer powerful business benefits, they come at a high cost to security. As more cyber assets enter the environment, companies increasingly face the risk of a cyberattack that starts with the exploitation of an unknown, unmanaged, or poorly managed internet-facing asset.

The 2022 State of Cyber Assets Report reveals the full scope of the challenge. The average security team is responsible for 165,633 cyber assets, including:

  • 28,872 cloud hosts
  • 12,407 network interfaces
  • 55 applications per human employee
  • 59,971 data assets (including 3,027 secrets), and
  • 35,018 user assets.

It's not just the sheer number of assets that matters. Understanding the relationships among them is critical to assessing and limiting the blast radius of a potential compromise: does this user have access to an Amazon Web Services (AWS) environment? Does this IoT device connect to critical production systems? Maintaining an accurate and timely inventory of cyber assets and relationships across a complex, ever-changing environment can be immensely challenging, but without it, SecOps teams are flying blind.

Meanwhile, security teams face a relentless flurry of alerts and findings. While some might require major engineering work to resolve, many more will require no action but must still be examined individually. Over the course of days, weeks, and months, even dedicated professionals become burned out and liable to human error.

Helping security teams beat cybersecurity alert fatigue

With cybersecurity talent in short supply—and priced at a premium—organizations need to help their existing teams become more efficient, productive, and proactive. This requirement has driven the rise of CAASM solutions, which enable organizations to discover and view all of their assets, internal and external, known and unknown, and the relationships among them. With this understanding and visibility, organizations can improve detection and response, close security gaps, and avoid compliance drift. During a security event, they can determine the blast radius of a compromised asset, then respond more quickly and effectively to the breach.
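The blast-radius idea above can be used to order a findings backlog. The following is an added example, not code from JupiterOne or its product: it walks a small constructed asset-relationship graph and ranks findings by how many critical assets the affected asset can reach, then by internet exposure. All asset names, finding IDs, and the scoring rule are assumptions made for illustration.

```python
from collections import deque

# Constructed inventory: an edge means "source can access or reach target".
RELATIONSHIPS = {
    "user:alice": ["aws:prod-account"],
    "aws:prod-account": ["host:api-1", "datastore:customer-db"],
    "host:api-1": ["datastore:customer-db"],
    "iot:lobby-camera": ["host:build-runner"],
    "host:build-runner": ["secret:deploy-key"],
    "secret:deploy-key": ["aws:prod-account"],
    "host:wiki": [],
}
CRITICAL = {"datastore:customer-db", "secret:deploy-key"}        # constructed
INTERNET_FACING = {"host:api-1", "iot:lobby-camera", "host:wiki"}  # constructed

# Constructed findings backlog: (finding id, affected asset).
FINDINGS = [
    ("F-1", "host:wiki"),
    ("F-2", "iot:lobby-camera"),
    ("F-3", "user:alice"),
    ("F-4", "host:api-1"),
]

def blast_radius(asset, graph=RELATIONSHIPS):
    """Every asset reachable from `asset` by following relationships (BFS)."""
    seen, queue = set(), deque([asset])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt not in seen and nxt != asset:  # guards against cycles
                seen.add(nxt)
                queue.append(nxt)
    return seen

def triage(findings):
    """Rank findings: most critical assets in reach first, exposed assets next."""
    scored = []
    for fid, asset in findings:
        reach = blast_radius(asset) | {asset}
        scored.append((fid, asset, sorted(reach & CRITICAL),
                       asset in INTERNET_FACING))
    # Stable sort keeps backlog order for findings with identical scores.
    return sorted(scored, key=lambda s: (-len(s[2]), not s[3]))

if __name__ == "__main__":
    for fid, asset, critical, exposed in triage(FINDINGS):
        print(fid, asset, "critical in reach:", critical, "exposed:", exposed)
```

The IoT camera finding ranks first because its relationships lead, through a build host and a deploy key, to the production account and customer data, while the internet-facing wiki with no onward relationships ranks last.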

In our next blog, we'll look at the findings of the JupiterOne 2022 State of Cyber Assets Report on the state of cybersecurity skills training.

Jasmine Henry

Jasmine Henry is a security practitioner who's used JupiterOne to create a compliant security function at a cloud-native startup. She has 10 years of experience leading security programs, an MS in Informatics and Analytics, and a commitment to mentoring rising security practitioners from underrepresented backgrounds. Jasmine is a Career Village co-organizer for The Diana Initiative security conference. She lives in the Capitol Hill neighborhood of Seattle, WA.
