2023 Cyber Security Trends and Cyber Asset Visibility Survey: Insights from Armis

The threat of cyberattacks is ever-present, with organizations of all sizes and types facing the risk of data breaches, ransomware attacks, and other cybercrimes. However, according to a new trend analysis for 2023 by Armis, organizations are struggling to prioritize and focus on key security projects against an onslaught of alerts, rising threats, and an ever-increasing attack surface. The research shows that competing requests from the board and executives, a rapid progression in digital transformation projects, and increasingly complex compliance regulations are causing hidden risks in organizations that don’t know how to prioritize under the weight of all of this cyber intelligence information.

Top 5 2023 Challenges Keeping Senior IT Decision Makers up at Night

According to the Armis survey, the biggest cyber challenges identified this year by respondents were keeping up with threat intelligence (70%), allocating cybersecurity resources and budget (47%), visibility into all assets connected to the network (44%), compliance, and regulation (39%), and the convergence of IT and OT (32%).

These current challenges are combined with the fact that many of these respondents and their organizations have already experienced a cyber incident: the survey found that 64% of senior IT decision makers surveyed said they had suffered a breach or ransomware attack in the last 5 years. Nearly half (43%) stated that the event had been caused by employee phishing and 26% as a result of an IoT device hack. Additionally, 20% of respondents said they had suffered a breach due to a known vulnerability that had not been patched, while 12% indicated the breach was caused by an unpatched device.

1. Unknown Blind Spot Identified: Misconceptions About Asset Visibility

One of the key challenges faced by organizations is the miscount of devices connected to their networks. While 94% of respondents said they have a live view of all their connected assets, nearly half (48%) of respondents still use spreadsheets like Excel or Google Sheets to track their connected asset inventory, with 55% saying they use multiple tools. This leads to a huge miscount of devices connected to their networks, causing organizations to have a false sense of confidence in their real-time awareness of these significant visibility gaps.

For example, when asked how many devices they think are on their organization’s network, 34% said 5,000 – 15,000, 29% said 15,001-25,000, 26% said 25,001-35,000, and 10% said 35,001+. However, according to proprietary data from the Armis Asset Intelligence and Security Platform collected between January 1, 2023, and March 27, 2023, 60% of Armis’ U.S. customer base have more than 35,000 devices on their network, while nearly a third (32%) have more than 100,000 connected devices. These blind spots and false sense of confidence from respondents in their real-time awareness of these visibility gaps highlights the need for organizations to have an accurate inventory of their connected assets to combat the escalation of global threats – and to allocate sufficient resources and budget to address these critical gaps.

To add, even though respondents indicated that they’re confident and believe they have a live view of all of their connected assets as highlighted above, they themselves ironically identified visibility into all assets connected to the network as a major challenge that they’re currently facing, with 44% of respondents citing this as a concern. This is not surprising given the complex and rapidly changing nature of today’s technology environments, which can include a wide range of devices and systems, including IoT devices, operational technology (OT) systems, and more. Without comprehensive visibility into all assets connected to the network, organizations are at risk of overlooking vulnerabilities that can be (or are being) exploited by threat actors.

2. Too Many Tools = No Real Single Source of Truth

The survey also found that 33% of respondents had 10 or more unique tools to monitor their asset landscape, with 58% saying they use 5-10 different tools. This creates a situation where organizations are managing and using multiple cybersecurity asset management tools, making it difficult to prioritize and focus on priority proactive and reactive efforts. This leads to a situation where security teams cannot create actionable plans against priority efforts and in the meantime, are spending too much time rationalizing disjointed, incomplete information. This is not an effective strategy in combating risk this year.

3. Competing Priorities Result in Uncertainty Around Budget Allocation

Another significant challenge identified in the report is the allocation of cybersecurity resources and budget, with 47% of respondents citing this as a concern. This is particularly worrying given the increasing importance of cybersecurity in today’s digital landscape. With the rise of remote work, cloud computing, and the Internet of Things, the attack surface has expanded dramatically, and organizations need to allocate sufficient resources and budget to ensure that they are adequately protected.

This also highlights the need for cyber leaders and teams to continue optimizing their storytelling and internal selling capabilities, ensuring that budgetary needs are raised in such a manner that resonates with the business.

4. Global Compliance Regulations Add a Layer of Complexity

The report also found that compliance and regulations are a significant challenge for many organizations, with 39% of respondents citing this as a concern. This is not surprising given the increasing regulatory pressure on organizations to protect sensitive data and ensure the privacy and security of their customers. Compliance with regulations such as GDPR, HIPAA, and CCPA can be complex and time-consuming, and organizations need to allocate sufficient resources and budget to ensure that they maintain compliance.

5. Convergence of Technologies: a Double-edged Sword

Finally, the convergence of IT and OT was identified as a challenge by 32% of respondents. This is an increasingly important issue, as the convergence of IT and OT systems can create new vulnerabilities and risks that organizations need to be aware of. OT systems, such as those used in manufacturing and industrial settings, have different unique management requirements and vulnerability mitigation approaches than traditional systems, and organizations need to ensure that they are adequately protected against these risks.

Shining a Light on Other Startling Findings: Unmanaged Devices Fly Under the Radar & Device Inventory Management Not Updated Frequently Enough

Another concerning finding from the report is that 6% of respondents admitted that they do not actively track unmanaged devices that are connected to their organization’s networks. This is a significant oversight, as unmanaged devices can pose a great risk to the security of the network. By not tracking these devices, organizations are essentially leaving their networks open to attack from potentially vulnerable devices.

The report also found that organizations are not updating their device inventories frequently enough, with 46% of respondents saying they update their inventories weekly, 30% updating them daily, 15% updating them monthly and 5% updating them quarterly. This lack of frequent updates can make it difficult for organizations to stay on top of the constantly changing nature of their IT environments and can lead to blind spots and vulnerabilities.

Recommendations from Armis in Response to These Findings

Organizations need to think about their cyber/tech resiliency strategy in three key steps: firstly they need a single source of asset truth across every device that is connected to their network, not just the managed devices. Secondly, visibility provides clarity into the technical and operational debt with the greatest potential for business impact. Lastly, action the intelligence so the technology environment can be optimized in support of resiliency. Regularly repeat the final two steps to ensure a continued focus on what is most likely to disrupt critical business operations and strategies.

To combat the issue of miscounting devices connected to their networks, organizations can use The Armis Collective Asset Intelligence Engine to negate the issue of unmanaged devices by gaining visibility and control over all assets connected to their network. The engine collects data on 3+ billion devices and their behavior, analyzes the data and provides insights to customers on their device inventory, usage and security posture. By using the Armis Collective Asset Intelligence Engine, customers can reduce their attack surface, mitigate risk and enhance overall security.

Further, by leveraging the Armis Asset Intelligence & Security Platform, customers can identify and classify all connected assets, including IoT, BYOD and unmanaged devices. They’re empowered to track the behavior of these devices, detect anomalies and threats, and enforce policies to prevent unauthorized access and data exfiltration. The Armis platform can also automate device management tasks, such as patching and updating software, and monitor compliance with regulatory frameworks, such as HIPAA and GDPR.

The results of this 2023 Cyber Security Trends and Cyber Asset Visibility Survey has cast a clear light on a number of key areas where senior IT decision makers can benefit from engaging with Armis. Through working with our team, we can help to reduce the number of challenges IT and business leaders experience this year in the hopes that we may help them to sleep better at night.

To learn more about Armis, please contact us.