New Survey Results: Asset Visibility is the #1 Challenge for Security Pros

With ransomware and cyberattacks on the rise across the globe, preventative measures are crucial for businesses to protect their assets and reduce burdens on the security team. Last month at Infosecurity Europe, Armis surveyed over one hundred security professionals to find out more about the impact of current and future cybersecurity risks on their organizations. We aimed to explore the biggest cybersecurity challenges faced by companies and their impacts on employees today. The results of our survey highlight a real concern among employees about threats related to poor asset visibility, amongst rising concern for employee welfare.

Board Involvement

A full 69% of survey respondents claimed that board involvement in cybersecurity has increased within the past six months, though nearly a  quarter (23%) of respondents thought that board members do not have enough involvement with cybersecurity. On a positive note, this suggests that board members are becoming more cybersecurity aware. This may be a big step to better managing cybersecurity risk within companies. It also clearly indicates that the senior management of many organizations are taking cybersecurity threats seriously; however, with nearly one in four saying the board is not involved enough – there’s clearly room for improvement.

Challenges Faced

So, what are the biggest cybersecurity challenges that employees think their organisations face? The top three biggest challenges the survey identified were asset visibility (39%), recruitment/staffing (37%), and compliance with industry regulations (31%).

In addition, a quarter (25%) of respondents deemed poor asset visibility as the biggest risk to their organizations. At Armis, we’ve been hearing from customers about their asset visibility challenges for some time, and we recently took a huge step toward helping eliminate them. At the 2022 RSA Conference, we announced the launch of Armis Asset Vulnerability Management (AVM), the industry’s first end-to-end risk-based vulnerability lifecycle management solution for protecting the extended asset attack surface.

Over half (54%) of respondents said that employee behavior is considered the biggest risk to their organizations. Given limited resources and the scope of behavior-related challenges, automation is increasingly seen as a vital tool.

Priorities

When asked what the biggest priority should be when it comes to cybersecurity within their organisations, the responses varied. However, risk assessments (15%), compliance (14%), and improving visibility of all assets connected to the network (13%) topped respondents’ lists.

Top 5 Priorities for Cybersecurity in Any Organization

1. Risk assessment
2. Compliance
3. Asset visibility
4. Security awareness training
5. Threat detection and incident response

Fortunately, many organisations have started to implement change over the last six months, though the findings show there is some room for improvement. Over one-third of the people surveyed said that their businesses had reviewed and/or tightened their security policies, and one in five said that they had implemented an incident response plan. However, only a quarter of respondents said that they had performed a total risk assessment in the past six months. Given how fast things evolve in most of today’s environments, six months can be an eternity.

These figures also suggest that 75% of respondents are providing their boards with out-of-date and stale data that is not fit for timely risk assessments. Organizations can and should aim higher, particularly as capabilities now exist for performing continuous risk assessments, which can help them achieve the next crucial step towards risk assessment maturity.

Many of these encouraging steps are likely a result of the changing geopolitical climate, with government agencies on both sides of the Atlantic issuing guidance and warnings about increased nation-state cyberwarfare.

Impact

With Russia’s invasion of Ukraine precipitating a rise in tensions across Europe, many organizations are worried about a Russian cyberattack on the UK’s critical national infrastructure (CNI). In fact, almost two-thirds (63%) of respondents said that they were worried about such an attack. Organizations and enterprises in North Atlantic Treaty Organization (NATO) countries are also at higher risk of cyberattacks due to NATO aid for Ukraine’s defense efforts. Given the stakes, it is crucial that organizations in NATO countries listen to the concerns of their employees and scale up their ability to handle the growing number of vulnerabilities and threats that are putting their assets at risk.

So what do these concerns mean for organisations today? Three out of five (60%) of our respondents said that they’re dealing with more security alerts, with almost one in ten (8%) saying that they’re struggling to keep up with managing them. A full 10% also noted that their overtime has increased. At a time when mental health and work-life balance considerations are a concern across the industry, such statistics are a potential red flag. Especially when you consider that 10% of our respondents also said that they were more stressed at work.

When it comes to relieving stress on security employees, our new Enterprise Workflow Automation (EWA) module can reduce and eliminate a host of tedious manual security processes. The module provides security teams with a seamless experience to build efficient workflows and replace manual processes with an orchestrated response to events. The no-code EWA is fully accessible and easy to use, providing a way to quickly alleviate many of the pressures on stressed IT teams, reducing overtime and helping to manage mounting security alerts.

Conclusion

At the end of the day, our Infosecurity Europe survey indicates businesses are making progress in preventing attacks, and increased board member interest will only help with ensuring organisations are efficiently orchestrating the right resources to maximize enterprise protections.

Discover how Armis AVM can help your enterprise see, understand, and better protect its entire attack surface with complete asset visibility.