Only 2% of all exposures give attackers seamless access to critical assets, while 75% of exposures along attack paths lead to “dead ends.”
The findings come from the latest report by XM Cyber, which analyzed over 60 million exposures in over 10 million entities on-premises and in the cloud.
Written in collaboration with the Cyentia Institute, the new research also suggests that 71% of organizations have exposures in their on-premises networks that put their critical assets in the cloud at risk. Once attackers are there, 92% of critical assets become vulnerable.
“Once attackers infiltrate cloud environments, it’s easy for them to compromise assets. Cloud security is not yet mature, and many security teams don’t fully understand what security issues they need to look for,” explained Zur Ulianitzky, vice president of research at XM Cyber.
Further, the report shows that the average organization has 11,000 exploitable security exposures per month, with techniques targeting credentials and permissions affecting 82% of organizations and exploits accounting for over 70% of all identified security exposures.
“Challenges also surface from how cloud identities and permissions are (mis)managed,” Ulianitzky added. “Moving forward, organizations must rethink their approach to security to ensure the protection of all of our identities, systems and interdependencies among them holistically.”
That being said, the XM Cyber report also showed that most security alerts are benign and do not lead to critical assets.
“Instead of focusing on a list of 20,000 vulnerabilities to address, focus on identifying the quickest wins in your external-facing infrastructure, then work to reduce the scope of permissions that your user and service accounts have,” said Tanium security director of endpoint security research, Melissa Bischoping, commenting on the findings.
“By reducing the amount of systems that users can access, you reduce the risk of those credentials being abused in later stages of an attack, and you increase the efficacy of this practice when you stack on multi-factor authentication and device health attestation.”
The XM Cyber report comes weeks after a Microsoft paper suggested that just 1% of all cloud permissions are actively used.