PARIS – November 7, 2023 – New research from Armis, the asset intelligence cybersecurity company, found more than half (53%) of French organizations lack complete control and management over the company owned and managed assets connected to their environment. This, coupled with a lack of automation and integration for both asset management and threat intelligence processes, has led a majority (91%) of IT security and IT decision-makers to believe their organization requires improved policies and procedures for addressing security vulnerabilities and exposures.
“It only takes one exploited vulnerability on an unmonitored asset to quietly pave the way to a material security incident for an organization,” said Curtis Simpson, CISO, Armis. “This is why it is key for security teams to have a real time, comprehensive view of their entire contextual attack surface. Security teams must be able to prioritize proactive mitigation and remediation strategies and reactive response efforts based on the corresponding level of risk posed to their organization. By identifying and eliminating high-risk vulnerabilities before they evolve into catalysts for cyberattacks, companies can fortify their network defenses and maintain highly resilient operations.”
Key findings from Armis’ research, commissioned with Vanson Bourne, include:
Manual processes and disjointed threat intelligence sources are hindering security teams’ efforts to effectively remediate significant exposures.
- French respondents, on average, indicated their organizations use 11 different tools to manage assets in their environment, and 50% admit to still using manual spreadsheets.
- French organizations cannot account for around 40% of their asset attributes, when it comes to knowing things like asset location or the support status of these assets.
- Nine different sources are used on average by organizations in France to collect threat intelligence data. With just 53% to 60% of the related processes being automated or orchestrated on average, the remaining requires manual efforts. Around 58% of the information gathered is actionable, with the remaining 42% being unactionable.This is likely why one third (33%) of cybersecurity teams in France are feeling overwhelmed by cyber threat information.
Without complete oversight into the entire attack surface, including employee owned assets, French organizations are more likely to suffer a breach.
- Less than half (43%) of French respondents reported their company has a policy in place for BYOD that is enforced across all employees.
- Nearly three quarters (73%) of French organizations reported that employees periodically bypass security and download applications and software onto assets without the knowledge of IT or Security teams.
- Over one in two (55%) French organizations experienced a security breach in the last year as part of a cyberattack; 28% experienced multiple breaches during the same period.
- The most common consequences of a breach in France are loss of productivity (45%) and reputational damage (42%).
“With loss of productivity and reputational damage becoming a common result of a weak cybersecurity posture, French companies can no longer turn a blind eye to their situation,” said Jean Michel Tavernier, Regional Manager France and Iberia, Armis. “Unknown and unmanaged assets, whether they are company owned or employee owned, pose a security risk to organizations by creating an unknown gateway for intrusion into the company environment. Security teams must prioritize gaining complete oversight over all assets to successfully manage risk. However, they cannot do this manually. There are too many assets with vulnerabilities, pointing to a clear need for automated technologies that help protect the entire attack surface.”
To read the full research report from Armis, including a global view of this data and comprehensive breakdown for each region, please visit: https://www.armis.com/attack-surface-management
Learn about how Armis Centrix™, the AI-powered cyber exposure management platform, is enabling organizations to address these critical cybersecurity challenges here: https://www.armis.com/platform/armis-centrix/
Methodology and Demographics
Armis commissioned independent market research agency Vanson Bourne to conduct research into attack surface management within enterprise organizations. The study surveyed 900 IT security and IT decision-makers in May and June 2023 from organizations with 1,000 or more employees, including 150 French respondents and others across the U.S., U.K., Germany, Singapore, Australia and New Zealand. Respondents were from organizations across all public and private sectors. All interviews were conducted using a rigorous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate.
Armis, the asset intelligence cybersecurity company, protects the entire attack surface and manages the organization’s cyber risk exposure in real time. In a rapidly evolving, perimeter-less world Armis ensures that organizations continuously see, protect and manage all critical assets. Armis secures Fortune 100, 200 and 500 companies as well as national governments, state and local entities to help keep critical infrastructure, economies and society stay safe and secure 24/7. Armis is a privately held company headquartered in California.